I was asked if changing an email's subject is possible when someone receives it in Outlook. Is it?
I was thinking it may be. The same way user agents are used for browsers maybe? I'm pretty new to emails but searching on the internet didn't help and I've already spent a few hours doing that.
You don't have to solve it for me, just point me to the right direction would suffice. Either way it's something I would like to learn doing.
TL;DR Email subject text change based on recipient (Outlook specifically).
Email clients do not support dynamic code, so you can't do this with client-side JavaScript.
SMTP servers sending email have no way of knowing which client will be used to open the email. (They don't send email in response to the email client asking for it).
What you want is impossible.
Related
So, I have a site where I'd like users to send a document (preferably) a pdf file or word doc on button click to a specific email address.
I read that mailto is not a good way to do it because of all the potential spam thats possible from spambots. Disassembling and reassembling the email address doesn't seem that hard to crack either. I don't understand how encoding works so I'd be grateful if someone explains that.
What I would like is: when the user clicks the send button, it opens up an email client with the address of the recipient and of course the mail client would have the ability to send attachments. Whats a good way spam protected way to do this?
The mailto protocol does not include attachments. And it would be a huge security issue as well. Some Outlook-related examples can be found on the internet, but in the case it has been working in the past, it is not possible nowadays and at least not platform independent in every case.
You can't send files with mailto. What you should do instead, which would also protect you from spam bots, is upload the file to your server and send the mail with the attached file from there.
Indeed it is an awesome day to everyone but not for me because I've been handling this battle cry for more than 13 days now and cant get it done. I have searched across the web but cant find the solution that can get my butt out of this mess. And yes stackoverflow is always my last resort when things get worse.
Can anyone suggest what is the best way(or even alternative) in sending email using js or jquery ?. Perhaps a simple snippet would do. Thanks!
You cannot send an email within the client browser. If your website is running on your own webserver, you can send a request from within the browser to your server that sends an email. If you're running a node.js server, there are many email apis.
For example, my business is a Mailjet customer, and so I can use the node-mailjet api on my server-side. Also there's https://nodemailer.com/ and similar npm packages.
Sending email only using javascript on client-side is not possible. By that you would give full control to user what and where he sends email - cool spam solution..
I wouldn't recommend to expose service from server that send email to client-side from server-side with full settings of message that will be sent. You don't want to allow spamming.
Only good approach is to predefine email on server and then when triggering action occurs resolve dynamic values in email on server and send email from server. Still you have to ensure user cant spam with some security policy.
So how to get out of this ? Implement service on server that will send emails for you (called with AJAX), lets say by code name and parameters. On server-side, choose template by code-name and resolve it by parameters passed with server request. Implement you security policy so you can be sure user cant spam (for example when user can choose to which email address will be message sent). Then pass it all to SMTP.
I know this question has been somewhat answered already in that using client-side scripting does not send emails, but please bear with me. I would like to have a 'send email' form on my website. The thing is that the website will be used by a handful of people who do have an email client installed. So I DO want to use their installed client, but I don't want the client to pop up. Is it possible to have the client do the work and send the email in the background, or must it popup every time?
If it is not possible, can anyone direct me to which server-side scripting language would be the most efficient at emailing a form? And if there are any relevant online tutorials on the matter?
Thanks for your time
I would like to know more about the solutions to restrict registering for a website for humans only.
Captcha may seem a proper solution but as it turns out it's not as good as it sounds.
And it's not a problem if a solution is not an option for blind, deaf people etc..
My newest web app uses a process that makes this really easy for the user and secure for me.
User goes to login page, enters their email address and clicks an "I am signing up" checkbox.
The user clicks "register", their email address gets inserted to a temporary SQL table (called signups) and an email with a verification link is sent to the email address.
The user clicks the verification link which takes them to a "create password" page.
After the user creates his password, the email address and password are inserted into the users table–and the entry in the signups table is deleted.
This makes it easy and reliable.
The signups table also includes a random SHA1 hash (for the verification link), a timestamp set for 12 hours after the sign up, and IP Address.
All entries in the signups table that have an expired timestamp get removed at certain parts of the day.
Update
Since writing this answer, I have found that keeping a signup form secure from robots is a never-ending battle.
As time goes on, new technologies and methods are being developed to circumvent security measures. The best thing any dev team can do is periodically be checking the quality of signups, and thinking of ways to make their signup form both more secure and intuitive to use.
Yeah, it is a good bit of work and resources that go into it, but having confidence in your signup form and quality of signups is well worth the expense.
Depending on how targeted your site is, using a honeypot can be quite effective.
In short, you have a field on your form with a common name -- let's say email. Your actual email field has some other random name like larp.
Hide the email field using CSS, and include a text label instructing users to leave that field blank, should they happen to see it.
If any registrations come in with the email field filled in, send a success message back then drop it.
Verifying the e-mail address and allowing only users who have verified their e-mails is the easiest and quickest solution.
You could have users listen to an audio file, and enter the word into a text box. That's what I wanted to do for phpBB3, but alas, they do not allow HTML markup for their verification questions. Alternatively, you can do defense in depth, and have a CAPTCHA be only part of the process.
Instead of captcha (typing in words displayed in an image) I've seen websites that require you to answer a question, usually basic math. I haven't implemented these, but I've seen them several places so it must be something that's a plugin for various CMSes and soforth.
Bottom line is, any system will eventually be circumvented. You can minimize bot-registrations, but I can tell you from experience that there are people out there who will pay other humans (who can pass just about any test) money to sign up for web sites - the pay is generally really poor, but there are always people who will find that acceptable.
So along with whatever solution you use, you'll want to periodically re-evaluate that solution, AND you'll want to have a human being review new registrations (maybe once a day?) to weed out the few 'bots that do get through.
How to use JS spam protection on email to hide the form from spam bots.
You don't. Putting JavaScript into email is a very bad idea for potential security and privacy violations. Instead include a link in your emails to the form on a web page. Email is inherently private and the web is inherently public. If exposing the form to a user is not a private event then it should not go in an email.
I'm not sure that I'm answering your question correctly, there isn't much detail.
I think what you're asking is how you can hide email addresses, in html, from spam bots - in which case here is the answer (there is no point in me paraphrasing it):
http://joemaller.com/js-mailer.shtml
I'm not sure this is affective any longer, if it ever was, but I was under the impression that encoding your email address in hex was one effective way to limit spam harvesting.
e.g.; mailto: is the leading "mailto:"
I've been using it on my site, but I also use Google apps for domain email, so it catches all the foo that does come through.