Receiving emails when someone views my site

In article <11*********************@l41g2000cwc.googlegroups. com>,
<bo****@springbock.net> wrote:

<form action="/cgi-bin/mailmanager.pl" method="post">
<input type="hidden" name="recipient"
value="bo****@springbock.net">

Is this a potential source for spam? I am very suspicious about any
cgi program that receives an email address as in this example.

--
Göran Larsson http://www.mitt-eget.com/

I can't image. The CGI in question is supplied by my ISP; they already
know my email address, so they already could spam me if they wanted.
It is possible that a web-crawler could find my address in the HTML and
send spam to it...I've heard this happens but haven't personally
experienced it. In any case, I plan on using a temporary/dummy email,
which can be shut down at any time.

The user causing the email to be sent has no risk, since their e-mail
isn't exposed.

Walter

in comp.infosystems.www.authoring.html, bo****@springbock.net wrote:

I can't image. The CGI in question is supplied by my ISP; they already
know my email address, so they already could spam me if they wanted.
That is not the problem.
It is possible that a web-crawler could find my address in the HTML and
send spam to it...I've heard this happens but haven't personally
experienced it.
That is not problem either.
In any case, I plan on using a temporary/dummy email,
which can be shut down at any time.
Problem is not you getting lots of bad mail. Problem is other people
getting spammers stuff.
The user causing the email to be sent has no risk, since their e-mail
isn't exposed.

Try the form with address that your ISP don't know. Does it still work?
If it does, then it is problem.

--
Lauri Raittila <http://www.iki.fi/lr> <http://www.iki.fi/zwak/fonts>
Utrecht, NL.

In article <11*********************@l41g2000cwc.googlegroups. com>,
bo****@springbock.net enlightened us with...

This sends a blank email to me when the user clicks the "Submit"
button. Is there any way emails be sent w/o user interaction?
Only if the user has javascript enabled. Well, unless you run it server-side,
but that won't help you (see below).
See
document.formname.submit();
and
<body onload="somefunction()">.

Keep in mind that form submittal generally makes the location of the document
in the window change. You may need to specify a different target.
I would
like to receive emails every time someone visits my site, it containing
information about their configuration (e.g. user language, whether
cookies are activated, whether javascript is enabled, what JVM is being
used, etc.).
If you're looking for stats, the most reliable stuff comes from headers sent
by the browser (though those can be, and are, sometimes faked i.e. Opera
sending as MSIE). Your host should provide you with logged stats. If they do
not, switch hosts.
Other than that, you'd have to run client-side testing to discover things
like whether cookies are *enabled* (that is, write one, then read it back).
Good luck finding the JVM version. :)
Any client-side testing requires client-side scripting - javascript, usually,
though MSIE supports VBScript.
I would certainly question your motives for doing something that comes darn
close to violating a user's privacy, though.

I have neither root access on the server, nor can I use personal
server-side scripts. My ISP has lots of CGIs for me to use, but others
aren't allowed.

I'd switch hosts. It's not like it's hard to find one that is inexpensive and
DOES allow custom scripts or at least support PHP and/or SSI.
--
--
~kaeli~
Kill one man and you are a murderer. Kill millions and you
are a conqueror. Kill everyone and you are God.
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

My ISP doesn't allow forms to send emails to third-parties. I have to
be the recipient. (I even just tried sending an email to a buddy who
has a website on the same ISP, and it didn't work.)

Thanks, Kaeli...a coworker of mine just showed me the javascript
solution, which should work. I wanted a pure HTML solution, but that's
probably too much to ask.

I would certainly question your motives for doing something that comes darn close to violating a user's privacy, though.
You're kidding, right? Why on earth is the information available, if
not to use? Programs use this information constantly to conform better
to the user. I mean, the base assumption behind sandboxes is that
there *is* information that is safe to expose, and that can be used to
build a better presence.
I'd switch hosts.

My ISP *does* present the possibility, I just don't want to pay for it.
As long as I can get away with client-side scripting, I'm golden.

Walter

In article <11**********************@o13g2000cwo.googlegroups .com>,
bo****@springbock.net enlightened us with...

I would certainly question your motives for doing something that

comes

darn close to violating a user's privacy, though.

You're kidding, right? Why on earth is the information available, if
not to use? Programs use this information constantly to conform better
to the user. I mean, the base assumption behind sandboxes is that
there *is* information that is safe to expose, and that can be used to
build a better presence.

Honestly?
I like to believe that most people would be honorable and use the info for
just that.
Unfortunately, like many things that sound good in theory, spammers and
malicious people have found ways to circumvent the sandbox and invade
people's privacy. MSIE is notorious for accidentally allowing such things to
happen (the infamous buffer overflow).
Because of the nasty people, now we all have to consider what we post on
public forums out of fear that some will use the information we posted to do
bad things.

Think about it -- my public records, freely available, say everything about
me. Someone can go buy my credit history, find out what properties I own, and
more. Some people have legit reasons for wanting that. Others will use it for
identity theft.

--
--
~kaeli~
A chicken crossing the road is poultry in motion.
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

kaeli wrote:

Think about it -- my public records, freely available, say everything about
me. Someone can go buy my credit history, find out what properties I own, and
more. Some people have legit reasons for wanting that. Others will use it for
identity theft.

Kaeli, I think you're over reacting just a little. The kind of
information the OP is interested in cannot possibly be used for anything
that serious.

NullBock, if you insist on recieving an e-mail everytime someone loads a
document and you aren't worried about recieving an abundance of e-mails
sent every single time a user reloads a page, why don't you try writing
a cgi script that sends an image back, but in the process also sends off
your e-mail by including this within your pages.

<img src="/cgi-bin/counter" alt="" height="1" width="1">

The script could just return a useless spacer gif or even a hit counter
if you want to go back to '90s craze of letting others know how many
visitors you've had just so you can boast about how (un)popular your
website is. The e-mail address and whatever else you need can be coded
into the script, without it needing to be present in the markup.
Although, I don't recommend that method, it's a waste of time when all
the hard work of creating useful statistics has already been done by
many statistics companies.

Why don't you try a service that provides free statistics like that, if
you're not willing to pay for that provided by your ISP or switch to one
that has that included in the package. There are many services that
offer such services:
http://www.google.com/search?q=Free+Web+Site+Statistics
--
Lachlan Hunt
http://lachy.id.au/
http://GetFirefox.com/ Rediscover the Web
http://SpreadFirefox.com/ Igniting the Web

NullBock wrote:

My ISP *does* present the possibility, I just don't want to pay for

it.

Even Geocities provides statistics for their free web pages. If your
hosting service charges extra for stats, it's time to switch.

RFM