In my previous article, Email Protection, I showed a technique for obscuring email addresses in what would appear to be regular HTML links. Combined with the Turing Protection, this has proved to be a popular and effective technique for preventing your site from being trawled for addresses.
However, it means that anyone can use your site to protect their own email addresses, leeching your server resources and bandwidth. So, let’s fix that.
The fix is very simple. If you recall, the link you used for email looked like this:
<a href="/send/foo/example.com/Subject">mail me</a>
The script then parses the request string to build the mailto: URI.
All we need to add is a check that the email address (or, more simply, just the domain part of the email address) is in a list of allowed addresses. If not, send an error instead.
You can also get fancy and log these unauthorized attempts, along with the referring URL, to see who is trying to leech off of you.
You can take a look at the revised code here.
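One way to implement the domain check and the logging described above, as an added PHP example that is not the author's revised script. It assumes the script answers with a redirect to the mailto: URI; the allowlist, function name and log format are hypothetical.

```php
<?php
// Added example; not the author's revised script. Domains below are constructed.
const ALLOWED_DOMAINS = ['example.com', 'example.org']; // hypothetical allowlist

/**
 * Turn "/send/<user>/<domain>/<subject>" into a mailto: URI,
 * or return null when the request must be refused.
 */
function build_mailto(string $path): ?string
{
    $parts = explode('/', trim($path, '/'));
    if (count($parts) < 3 || $parts[0] !== 'send') {
        return null;
    }
    $user    = rawurldecode($parts[1]);
    $domain  = strtolower(rawurldecode($parts[2]));
    $subject = rawurldecode($parts[3] ?? '');

    // Exact, strict match on the domain part: no substring or suffix matching,
    // so "example.com.other.test" and "notexample.com" are both refused.
    if (!in_array($domain, ALLOWED_DOMAINS, true)) {
        return null;
    }
    // Conservative local-part check; also keeps CR/LF out of the Location header.
    if (!preg_match('/\A[A-Za-z0-9._+-]{1,64}\z/', $user)) {
        return null;
    }
    return 'mailto:' . $user . '@' . $domain . '?subject=' . rawurlencode($subject);
}

$path   = (string) parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
$mailto = build_mailto($path);

if ($mailto === null) {
    // Replace control characters so a crafted Referer cannot forge log lines.
    $clean = fn(string $s): string =>
        preg_replace('/[\x00-\x1F\x7F]/', '?', substr($s, 0, 512)) ?? '';
    error_log(sprintf(
        'email-protect: refused path="%s" referer="%s" ip=%s',
        $clean($path),
        $clean($_SERVER['HTTP_REFERER'] ?? '-'),
        $_SERVER['REMOTE_ADDR'] ?? '-'
    ));
    http_response_code(403);
    exit('Address not permitted.');
}
header('Location: ' . $mailto);
```

The Referer header is supplied by the client, so the logged value is a hint about where the link was placed, not proof.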
As always, comments are welcome. And special thanks to Moustafas for pointing this out to me … although I suspect he won’t be happy that I’ve closed this hole.
Copyright © 2000-2010 Colin Viebrock • All Rights Reserved
I have updated your email protection, and all works well, except when I link to the email address, my mail program (Mailsmith) opens two (2) new documents instead of one.
Do you have any ideas why this may be so?
6 October 2005, 19:22 • PermaLink
Greetings
I ran across this website today and this Email Protection looks like one of the best I’ve found after searching for about 2 weeks now. However I am a newbie regarding html and php although I do run some php apps on my website. What I don’t understand is how to use the email url and link it to the php script here. Can someone tell how they’re tied together. Thanks
9 March 2006, 23:45 • PermaLink
Don’t worry, I figured it out thanks to Google!
10 March 2006, 01:45 • PermaLink