
Sue Nolff's Weblog

website design & hosting, SEO, email marketing

Email linking on your site


The days of the mailto: email link should be long gone, but unfortunately there are still millions of those types of links out there. I don’t necessarily mean unfortunately for you or me; I mean unfortunately for the millions of people who are the poor recipients of email from such links out there.

There are thousands of nasty little spambots out there just searching the web hour after hour, zeroing in on that little snippet of code known as a mailto: email link. Bingo, when they find one, the email address that comes immediately after mailto: in the link will be massively bombarded over time with spam. Did you ever really wonder how that poor widow in Nigeria got your email address?

Every good web design company has an even better web programmer. That web programmer can spend up to 1/3 of his or her time just trying to stay one step ahead of the hackers and spammers. In larger companies, it can be a full-time job.

The mailto: spam debacle is generally one of the easier problems to troubleshoot, and I’ve seen many different workarounds.

Some people just type out their email address but don’t make it a link. This is fine, but it forces the person who wants to email you to write it down, or copy it over to their email program. That’s where human error enters the picture.

Some are even afraid to type out their full email address on a web page so they take that human error factor one step deeper and tell people to email them at myname at

Now, I’ve also seen some ingenious workarounds. I’ve seen code that turns typed email addresses into images of the letters because the spambots can’t read text in images. That one is pretty cool!!! But it’s also pretty complicated for the average site.

My favorite solution is a simple javascript, placed in an external javascript page. I’m so fond of it that I’m about to share it with you. Copy and paste the following into your external javascript page, or just in the head area of your page:

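<script type="text/javascript">
<!--
  // Build the mailto: URL at click time from two separate parts,
  // so the complete address never appears in the page source.
  function myEmail(prt1, prt2, id, subject) {
    // redirect to mailto
    if (subject == undefined) {
      window.location = 'mailto:' + prt1 + '@' + prt2;
    } else {
      // encode the subject so spaces and '&' do not break the URL
      window.location = 'mailto:' + prt1 + '@' + prt2 + '?Subject=' + encodeURIComponent(subject);
    }
    return false;
  }
// -->
</script>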

Now instead of the mailto: email link in the body of your document use this:

<a href="javascript:void(0);" onClick="myEmail('myname','',this,'Website Contact');" title="Click here to email us">email us</a>

Now how cool is that?! And if you think about it, how much more simple could it be?
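To check what a source-scanning bot can actually read on a page, here is an added example (not part of the original post) that lists every address visible in the markup without running any script. The function names, the sample markup and the example.com addresses are constructed for illustration.

```javascript
// Added example: audit page markup for addresses readable straight from the source.
// Decode the entities and %XX escapes sometimes used to disguise '@' and '.'.
function decodeMarkup(html) {
  const entities = html
    .replace(/&#x([0-9a-f]{1,5});/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d{1,6});/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/&commat;/gi, '@')
    .replace(/&period;/gi, '.');
  return entities.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Return each address found, noting whether it sat in a mailto: link or in plain text.
function findExposedAddresses(html) {
  const text = decodeMarkup(html);
  const found = new Map();
  const addr = '[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\\.[A-Za-z0-9-]+)+';
  for (const m of text.matchAll(new RegExp('mailto:(' + addr + ')', 'gi'))) {
    found.set(m[1].toLowerCase(), 'mailto link');
  }
  for (const m of text.matchAll(new RegExp(addr, 'g'))) {
    const key = m[0].toLowerCase();
    if (!found.has(key)) found.set(key, 'plain text');
  }
  return [...found].map(([address, where]) => ({ address, where }));
}

// Constructed sample markup: a classic mailto: link, an entity-disguised one,
// a typed-out address, and the script-built link from this post.
const samplePages = {
  mailto: '<a href="mailto:info@example.com">email us</a>',
  entity: '<a href="mailto:sales&#64;example.com">sales</a>',
  typed: '<p>Write to help@example.com for support.</p>',
  script: '<a href="javascript:void(0);" ' +
    'onClick="myEmail(\'info\',\'example.com\',this,\'Website Contact\');">email us</a>',
};

for (const [name, html] of Object.entries(samplePages)) {
  console.log(name, findExposedAddresses(html));
}
```

An empty result only means no assembled address is present in the markup; it says nothing about a bot that executes scripts.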


It is not hacking when you give them permission


Recently I had the opportunity to register myself as a user on someone else’s blog… and I was horrified by what happened (I very much like and respect this woman). I went through the registration process completely, and then logged into the site to make a comment on a blog post I thought was worthy of such.

I was shocked to find that not only could I make that comment, but I also could edit any other blog post on the site, and add new posts there. I convinced myself that surely the weblog’s owner had some kind of safety feature set that wouldn’t let me save any edits I tried to make, or something… Being the polite person that I am, I wasn’t about to try to edit any of her posts, after all, what if some big bells and whistles went off that pointed a big finger at me for trying once I hit Save?!

After I left the comment I was there to leave, I left her site a bit befuddled, but soon forgot about it, telling myself that I know she knows better.

Lo and behold, about a week later I saw on a social site we both frequent that she was shutting down her blog immediately, probably permanently, because it had been HACKED. I am seriously left to wonder if it had really been hacked at all. After all, now it was apparent she had given the “hacker” permission to go into her site and do whatever he or she wanted to. I immediately tried to view her site out of curiosity, but sadly it was already gone.

This got me to thinking. How many blogs out there have the wrong permissions set for their users? I think it was my social friend’s intention to allow her readers to be able to comment on posts on any of her pages, but she inadvertently gave them editor, author, or contributor permission to edit all her pages and posts instead. Permissions, to the unknowing eye, can be extremely difficult to understand. They can also be devastating if you set them up wrong, as she has now learned.

Please, please, please do a test run of your blog as if you are a new user immediately after launching! Try it out to see how far you can go. New users should only be able to comment on your blog posts as Subscribers, nothing more. Never over-give permissions to your blog’s users and assume they will be courteous about it. Hackers are NOT courteous!
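The test run can be backed by a check of the settings themselves. The following is an added example, not part of the original post: it assumes a WordPress-style blog (the role names above match WordPress roles) and reads the `users_can_register` and `default_role` options plus a user list. The function name, the sample accounts and the trusted list are constructed.

```javascript
// Added example: flag registration settings and accounts that grant more than Subscriber.
// Assumption: WordPress-style roles, ordered from least to most privileged.
const ROLE_RANK = new Map([
  ['subscriber', 0], ['contributor', 1], ['author', 2], ['editor', 3], ['administrator', 4],
]);

function auditRoles(settings, users, trusted) {
  const findings = [];
  // An unknown or custom role is treated as elevated until someone has reviewed it.
  const rank = (role) => (ROLE_RANK.has(role) ? ROLE_RANK.get(role) : Infinity);
  // The option may arrive as true or as the string "1"; the string "0" means closed.
  const open = settings.users_can_register === true ||
    String(settings.users_can_register) === '1';

  if (open && rank(settings.default_role) > 0) {
    findings.push(`open registration gives every new account the "${settings.default_role}" role`);
  }
  for (const u of users) {
    if (rank(u.role) > 0 && !trusted.includes(u.login)) {
      findings.push(`account "${u.login}" has the "${u.role}" role but is not on the trusted list`);
    }
  }
  return findings;
}

// Constructed sample: the situation described in this post, then the corrected setup.
const misconfigured = auditRoles(
  { users_can_register: '1', default_role: 'editor' },
  [{ login: 'owner', role: 'administrator' }, { login: 'newreader', role: 'editor' }],
  ['owner']
);
const corrected = auditRoles(
  { users_can_register: '1', default_role: 'subscriber' },
  [{ login: 'owner', role: 'administrator' }, { login: 'newreader', role: 'subscriber' }],
  ['owner']
);
console.log(misconfigured);
console.log(corrected);
```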



Copyright ©2019  •  hosted at