re-evaluating mailto: « a cup of ruby java

Came across a post by a friend regarding the use of ‘mailto:’ links to trigger the sending of email a couple of days back. (See re-evaluating mailto: « a cup of ruby java)

However, with the popularity of Web based email services increasing, is the mailto: link starting to be deprecated? I am sure most of us have used GMail, Hotmail or Yahoo mail before. There is no way to click the mailto: link and have your web based mail automatically start composing mail for you. If it does, think of the security risk!

Actually, there is. If you’re using Firefox (and trust me, you should be using Firefox), one option is to use Better Gmail. That extension will compose a new mail in Gmail when you click on a ‘mailto:’ link, among a host of other Gmail-specific features. Alternatively, there’s a GreaseMonkey script that provides that functionality for Gmail, Google Apps for your Domain and Yahoo! Mail users. For those who use IE, there’s an inbuilt option to open your mail in Hotmail. Can’t advise beyond that as I’m not using IE. Go Google it or something. =D

Security wise, I don’t see what’s so dangerous about this. Even if the mailto: link contains malicious javascript statements, Cross Site Scripting (XSS) or otherwise, the text is not parsed by the browser but instead inserted into the relevant fields (as far as I know). Thus, there goes the possibility of XSS.
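
The handling described above, sketched as an added example that is not part of the original post and not the code of any webmail client or extension: a handler parses the mailto: link, keeps only the usual compose fields, and treats every value as plain text. The names `parseMailto`, `escapeHtml` and `ALLOWED_FIELDS` and the sample link are assumptions made for illustration.

```javascript
// Added example: parse a mailto: URI and treat every field as inert text.
// parseMailto, escapeHtml and ALLOWED_FIELDS are hypothetical names.
const ALLOWED_FIELDS = new Set(["to", "cc", "bcc", "subject", "body"]);

function safeDecode(s) {
  // Malformed percent-escapes make decodeURIComponent throw; keep raw text instead.
  try { return decodeURIComponent(s); } catch { return s; }
}

function parseMailto(uri) {
  const m = /^mailto:([^?#]*)(?:\?([^#]*))?/i.exec(uri);
  if (!m) throw new TypeError("not a mailto: URI");
  const draft = { to: [], cc: [], bcc: [], subject: "", body: "", ignored: [] };
  const addAddrs = (field, raw) => {
    // Split on literal commas first: an encoded comma (%2C) belongs to one address.
    for (const a of raw.split(",")) {
      const addr = safeDecode(a).trim();
      // Reject CR/LF so a decoded address can never smuggle an extra header line.
      if (addr && !/[\r\n]/.test(addr)) draft[field].push(addr);
    }
  };
  addAddrs("to", m[1]);
  for (const pair of (m[2] || "").split("&")) {
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const name = safeDecode(eq < 0 ? pair : pair.slice(0, eq)).toLowerCase();
    const raw = eq < 0 ? "" : pair.slice(eq + 1);
    // Anything outside the compose fields is recorded and dropped.
    if (!ALLOWED_FIELDS.has(name)) { draft.ignored.push(name); continue; }
    if (name === "subject") draft.subject = safeDecode(raw).replace(/[\r\n]+/g, " ");
    else if (name === "body") draft.body = safeDecode(raw);
    else addAddrs(name, raw);
  }
  return draft;
}

// Use when a field must go into markup; in a browser, assigning to
// input.value or node.textContent avoids HTML parsing altogether.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => "&#" + c.charCodeAt(0) + ";");
}

// Constructed sample link carrying markup and an unexpected header field.
const sample = "mailto:alice@example.com?subject=%3Cscript%3Ealert(1)%3C%2Fscript%3E" +
  "&body=Hi%0D%0Athere&cc=bob@example.com&x-custom=1";
const draft = parseMailto(sample);
console.log(draft, escapeHtml(draft.subject));
```

The subject survives decoding as a literal string; it only becomes a problem if a handler later concatenates it into HTML instead of assigning it as text or escaping it.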

Besides, there are many email harvesting bots out there that look out for mailto: links and add them to their spam list. Even social sites like Facebook generate an image with no alt text to display your email so that bots can’t harvest it (OCR is out of topic here).

True, but I hate Facebook’s auto-generated un-hyperlinked email address image due to the simple fact that if I actually want to send off an email to that person (that IS why we put up an email address in the first place, right?), I’ll have to manually type in the full email address into the relevant field (be it in a mail or webmail client). I’ve been using Email Protector over on my Corporate Contact Us page (http://corporate.jonaize.com/contact.php), along with a few other pages with success thus far (i.e., no spam mail to those addresses). It’s slightly more advanced than your average anti-spambot scripts and definitely worth checking out.


Comments

2 Responses to “re-evaluating mailto: « a cup of ruby java”

  1. sq on December 29th, 2007 3:59 am

    my mailto: links launch gmail automatically, im not using better gmail but rather the gmail notifier by of cuz google. less ff extension, less clogging.

    regarding facebook’s email, i dont use it to email them, with the autocomplete feature in gmail/outlook, i rather compose my mail from there. the only thing useful abt the facebook email to me is for identification, like people (including me) are known as different names to different groups of people. and email address is sorta the common and the very least they should be familiar enough to associate the “who the hell are you” with.

  2. Jonathan on December 31st, 2007 12:44 am

    @sq : Ah, yeah. Quite a few other FF extensions do that, just highlighted Better Gmail cause I found it cool (and thus I’m using it).

    But in the end notifier still uses CPU cycles. So yeah, just where those CPU load comes from eh? =p
