Vintners.net: sendemail script usage

Vintners.net: sendemail script use
Page last updated: 24-Dec-2002

Vinters.Net has provided (at no charge to its customers) a special application for the sole purpose of protecting email addresses from "spam" harvesting "robot"s. It is intended to be generic enough to suit all email addresses. This page details how a customer would go about setting up their web pages to use this application.

Click here for more general information about spam management at Vintners.Net.

The way spam email harvesting robots work is to simply fetch every page they can find, and search for "<A href="mailto:..."> links. Some will also look for anything that looks like an Internet email address, namely letters, dashes, dots, numbers followed by an @, followed by letters, dots, dashes, numbers.

The theory behind this app is that spam robots are not likely to "push buttons". To do so would mean many more possible permutations of any given page, with unlikely possibilities of getting more addresses, so it's unlikely that commonly ever done.

However, if you wish to be conservative and assume that buttons are indeed pushed by spam robots, we can accomodate you. Depending on how you configure your page, the email address can either be a ready-to-go directly clickable link, a link that must be manually modified by the sender, or no address offered but instead a fillin form that will be mailed by the server with the users info.

On your page -- as a button:

It's a bit tricky to set up, but not hard. In your HTML, for each email address, you add a GET or POST action <FORM ...> directive with a few hidden fields.

Here's a sample:

    <form method="POST" ACTION="http://vintners.net/cgi-bin/sendemail.pl">
      <input type="hidden" name="user" value="username">
      <input type="hidden" name="domain" value="domain.com">
      <input type="submit" value="get email address">
    </form>

And here's what it actually looks like: yielding text (not a mailto: link) of "username@domain.com".

You may add the hidden options= values.

none -- the default action is to simply display, as text (not as a clickable link), the email address. This is better than nothing, but is not recommended.
'a' -- Causes the address to be displayed as a clickable "mailto" link. Doing this without any other modifiers defeats the entire purpose, thus will cause an error unless other options are specified as well.
'b' -- Adds the magic incantation "sendemail-remove." after the @, thus creating an address that will bounce.
'c' -- Adds a space before and after the @ so as to make the address unparsable.
'd' -- Never offers an email address at all -- simply puts up a web form that takes the info for them, and emails it to the supplied address. When using this uption, you'll probably want to include the "page=..." value -- see below

There are also several optional text changes you may add to the resulting email link.

If a "page=http://<your-domain>/dir/page.htm" value is present, this will be included in the email you receive (option 'd' only). The value should be the URL of the web page that contains this sendemail.pl link.
Adding a "remove=value" arg. allows you to set your own "sendemail-remove" value -- as an example, I've seen "NOSPAM" used fairly commonly. (The presence of this implies option 'b'.) This will work nicely for now, but if everyone uses "nospam", robots will soon start stripping that when encountering it, making it moot.
Adding "atsign=value" allows you to replace the "@" used in the email address with your own chosen string -- this is often done with "(at)". This is very effective as the text no longer looks like an email address at all to the harvester robots. However, it's only a matter of time before they start checking for this as well.
Adding "title=value" will add a line like the following to the option 'd' form screen:
This email will be sent to: "value"

Line-by-line description:

The <FORM> line can be "GET" or "POST" method, however, we recommend the latter for security reasons; all the data is included in the URL with "GET" method. The action must be the path in the sample.
The hidden "user" line is where you put everything that goes to the left of the @. (Be careful to match the upper/lower case correctly.)
The next hidden line is where you include everything to the right of the @. (Be careful to match the upper/lower case correctly.)
The text in the submit button can say whatever you wish, simply enter it into the "value" section.

Samples -- as a button:
Options="ab": The person sending email can simply click on the link which will bring up their mailer program, but they must then go into the address bar and delete the word "sendemail-remove." from the address. eg; <input type="hidden" name="options" value="a">
which yields "username@sendemail-remove.domain.com" Options=c: <input type="hidden" name="options" value="c"> which yields "username @ domain.com"

Using as a link:
If you really don't want to use it as a button, you can use it as normal old HREF link, by calling out the URL from the ACTION above, following it with a question mark, then your settings, seperated by ampersands. eg;
<a href="http://vintners.net/cgi-bin/sendemail.pl?user=username&domain=domain.com&options=ac">options AC</a>
options AC which yields: "user @ domain.com"
Most importantly, if using this latter method, you must use one of the options. Spam robots will not be able to interpret this HREF as an email address on its own, however as it is a normal link, they will follow it. With no options, the resultant page does have the legitimate mailto: HREF which would completely defeat the purpose of using the script.

Here's a sample which replaces the "@" with "(at)": <a href="http://vintners.net/cgi-bin/sendemail.pl?user=username&domain=domain.com&atsign=(at)&options=ac">options AC, atsign=(at)</a>
options AC, atsign=(at) which yields: a clickable mailto: link, "user (at) domain.com"
This method is a sure winner as the spam robots will no longer even consider this to be an email address -- it's just more text. However, it's only a matter of time before the robots start looking for this too. (Doing this in a button is merely another "hidden" field, just like "user" and "domain".)

The safest method all around, is to never offer an email address at all. This may be less convenient for the sender as they're stuck with their web browsers' editor instead of their favorite email editor. The following method does this:
<a href="http://vintners.net/cgi-bin/sendemail.pl?user=user&domain=domain.com&options=d&page=http://vintners.net/webhelp/sendemailuse.html">options D</a>
options D

Lastly, you can choose to have a graphical confirmation string to protect from spam robots that fill in forms. Simply add the following two lines:
<input type="text" size=4 name="confirm"> 

The number 4 in this example dictates how many graphical characters to display, and require them to enter.

You can also create a sendemail.cfg file in your data directory. This file may contain:

MailServer: the mail server to use, typically localhost
VendorDomain: the domain name that mail should appear to come from
RequireNumbersConfirm: number of graphical numbers to display/require

Don't hesitate to call if you have problems with it or think of features you'd like to see added to it. Contact us.