Spam-free mailto: tags

How to use mailto: functionality whilst preventing web crawlers from leeching your email addresses.

Carl Whalley, 23-Dec-2001

Email address harvesting

Spam, spam, spam. We've all had unsolicited email at some point, but where the heck do these guys pick up our email addresses from in the first place? Well, there are various ways: postings to newsgroups, forms on websites and sometimes just plain guesses from sticking something at the front of a website domain name. Unfortunately, another place they can harvest them is your website itself if you use the mailto: tag. This useful feature allows visitors to click a link and have their local email program spring into life with your email address already set up in the 'send' field. The problem is that it's very easy for a spammer to run a program which crawls all the pages of your site looking for the 'mailto:' text and copies the email address which follows it.

The mailto: tag is very useful, however, so it seems a shame to drop it completely. What is needed is a way for the web server to recognise if a human is asking for the mailto: link rather than an automated crawler. Fortunately there is a way to do this using Java servlets. Essentially the link becomes a call to a custom servlet which can tell if a browser is being used and only performs a mailto: redirect if that is the case.

Another advantage of this approach is that once under the control of a Java process it is possible to do other things depending on how the request arrived. The devious might even create a mailto: tag formed from 'abuse@' + the spammer's own domain name if a crawler was detected. Additional events can be fired too, for example sending another email to a control address to monitor who is clicking the link. To see this in action for real, just click the 'contact us' link at the footer of every page on this website.

Java server source

The code goes something like this:
// send.java
package com.carmichaeldata.utils.email;

import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class send extends HttpServlet
{
    public void service(HttpServletRequest _req,
                        HttpServletResponse _res)
            throws ServletException, IOException {
        EmailRedirect target = new EmailRedirect();
        if (_req.getParameter("U") != null)
        {
            String user = _req.getParameter("U");
            if (_req.getParameter("D") != null)
            {
                String domain = _req.getParameter("D");
                // Only set the destination when the request carries a
                // non-empty User-Agent header. The header is client-supplied,
                // so this is a heuristic, not proof of a human visitor.
                Enumeration e = _req.getHeaderNames();
                while (e != null && e.hasMoreElements())
                {
                    String name = (String) e.nextElement();
                    String header = _req.getHeader(name);
                    // HTTP header names are case-insensitive.
                    if (name.equalsIgnoreCase("User-Agent"))
                    {
                        if (header != null && header.length() > 0)
                        {
                            target.setDest(user, domain);
                            break;
                        }
                    }
                }
            }
        }
        // No redirect is sent when any of the checks above fail.
        if (target.getOkToProcess())
        {
            _res.sendRedirect(target.getRedirectString());
        }
    }
}

// EmailRedirect.java (a public class must live in its own source file)
package com.carmichaeldata.utils.email;

public class EmailRedirect {
    String user, domain, subject, body;

    public void setDest(String _user, String _domain) {
        if (_user != null)
            user = _user;
        if (_domain != null)
            domain = _domain;
    }

    public void setSubject(String _subject) {
        if (_subject != null)
            subject = _subject;
    }

    public void setBody(String _body) {
        if (_body != null)
            body = _body;
    }

    public String getRedirect() {
        // subject and body are appended as-is; callers must percent-encode them.
        String ret = "";
        if (subject != null)
        {
            ret = "?subject=" + subject;
        }
        if (body != null)
        {
            // Use '?' when body is the first parameter, '&' otherwise.
            ret += (ret.length() == 0 ? "?" : "&") + "body=" + body;
        }
        return getRedirectString() + ret;
    }

    public String getRedirectString() {
        return ("mailto:" + user + "@" + domain);
    }

    public boolean getOkToProcess()
    {
        // The fields stay null until setDest() is called, so test for null
        // before calling length() on them.
        if (user == null || domain == null) return false;
        if (user.length() == 0) return false;
        if (domain.length() == 0) return false;
        return true;
    }
}
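
The servlet above copies the U and D request parameters straight into the redirect target. As an added example (not part of the original article), here is one way to validate them first; the class name MailtoTarget and the example.com / example.org allowlist are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

// Added example (hypothetical class, not the article's code): validates the
// servlet's U and D parameters before they reach the redirect. Needs Java 9+.
public class MailtoTarget {
    // Conservative local part: letters, digits and . _ + - only, so no
    // whitespace, CR/LF, '@', '?' or '&' can end up in the Location header.
    private static final Pattern LOCAL = Pattern.compile("[A-Za-z0-9._+-]{1,64}");

    // Assumption: the site only ever redirects to its own mail domains.
    private static final Set<String> ALLOWED_DOMAINS =
            Set.of("example.com", "example.org");

    /** Returns the mailto: URI, or empty if either parameter fails validation. */
    public static Optional<String> build(String user, String domain) {
        if (user == null || domain == null) return Optional.empty();
        String d = domain.toLowerCase(Locale.ROOT);
        if (!LOCAL.matcher(user).matches()) return Optional.empty();
        if (!ALLOWED_DOMAINS.contains(d)) return Optional.empty();
        return Optional.of("mailto:" + user + "@" + d);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, each row is {U, D}.
        String[][] samples = {
            {"sales", "example.com"},
            {"sales", "EXAMPLE.ORG"},
            {"sales", "elsewhere.test"},          // domain not on the allowlist
            {"a\r\nSet-Cookie: x=1", "example.com"}, // control characters in U
            {"sales?subject=x", "example.com"},   // extra mailto parameters in U
            {null, "example.com"},                // parameter missing
        };
        for (String[] s : samples) {
            String shown = s[0] == null ? "null"
                    : s[0].replace("\r", "\\r").replace("\n", "\\n");
            System.out.println(shown + " @ " + s[1] + " -> "
                    + build(s[0], s[1]).orElse("rejected"));
        }
    }
}
```

In the servlet, call MailtoTarget.build(user, domain) and only call sendRedirect when a value is present.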