Joomla's lovely email cloaking feature hides email addresses in bits of Javascript - which is nice, but has the side effect of breaking the onclick event tracking that you need to track someone clicking on a mailto: link in Google Analytics.
Does anyone know of a cunning way of tracking the mailto in Joomla? (I've got a not so cunning way to do it: turn off email cloaking, but I'd rather not do that)
Sure there's a much better way. Use one of any number of form extensions and use forms instead of mailto links. Turning off the cloaking is just asking for everyone's email to be spammed in to oblivion and you can set up goals to track your submitted forms. It will also save you headaches if you ask your visitors for the info you would need to collect from them to reply to their inquiry as well.
Related
I've been trying to search for ways via app script and add-ons that allow us to customize a google form's confirmation page once the user clicks on the submit button. So far, resources have been mentioned that this isn't possible, but the latest reference I saw was in 2014, so not sure if there were any updates already.
I'm good if it's an add-on as well, but I do prefer script so that I can learn and avoid paying.
Alternatively, is it possible to redirect a user to a custom URL based on his/her response once s/he clicks on submit?
Hoping for your guidance on this. Thanks!
Maybe Google Chat is the answer you've been looking for
I believe that it is impossible because we have no access to the that instance of the form. Once the form is submitted we could send the user any email but I think that's about it.
However according to my research you could use google apps script to set up an interactive chat message. Here's some addition information for setting up a webhook for Google Chat. Let me know if you have any success with this suggestion.
I'm working on my contact form, and I want to make it as spam-proof as possible. I'm using a few methods to as counter-attacks:
Validate email legitimacy w/ a JavaScript regular expression
Validate if all fields have adequate values
Make an invisible field to entice bots
Disable the form if JavaScript is disabled
Now, my question is will a radio button asking the individual if he/she is human be a good method to avoid bots, or do bots have the ability to select a radio button?
They may have the ability, but would they select the right one?
Please leave suggestions below!
(Preferably something not captcha. More PHP or Javascript.)
Unfortunately, bots can select a radio button.
But the invisble field is a good idea and you can also try Askimet, an anti-spam service.
In case of radio, spam bots may either choose default choice or the first choice. this link might help you
Most bots just select the de facto form or common norms previously set up within your application.
If you're attempting to fight email spam then you're better off with server side validation of email formatting and cross referencing SPF records. This prevents abuse from the client side(and bots are basically automated client software).
A captcha is another method of preventing spam.
However the best method that has come out in the industry as of late is the use of OAUTH and requesting a service like Facebook or Google+ to get a valid email address from your users.
I would like to know more about the solutions to restrict registering for a website for humans only.
Captcha may seem a proper solution but as it turns out it's not as good as it sounds.
And it's not a problem if a solution is not an option for blind, deaf people etc..
My newest web app uses a process that makes this really easy for the user and secure for me.
User goes to login page, enters their email address and clicks an "I am signing up" checkbox.
The user clicks "register", their email address gets inserted to a temporary SQL table (called signups) and an email with a verification link is sent to the email address.
The user clicks the verification link which takes them to a "create password" page.
After the user creates his password, the email address and password are inserted into the users table–and the entry in the signups table is deleted.
This makes it easy and reliable.
The signups table also includes a random SHA1 hash (for the verification link), a timestamp set for 12 hours after the sign up, and IP Address.
All entries in the signups table that have an expired timestamp get removed at certain parts of the day.
Update
Since writing this answer, I have found that keeping a signup form secure from robots is a never-ending battle.
As time goes on, new technologies and methods are being developed to circumvent security measures. The best thing any dev team can do is periodically be checking the quality of signups, and thinking of ways to make their signup form both more secure and intuitive to use.
Yeah, it is a good bit of work and resources that go into it, but having confidence in your signup form and quality of signups is well worth the expense.
Depending on how targeted your site is, using a honeypot can be quite effective.
In short, you have a field on your form with a common name -- let's say email. Your actual email field has some other random name like larp.
Hide the email field using CSS, and include a text label instructing users to leave that field blank, should they happen to see it.
If any registrations come in with the email field filled in, send a success message back then drop it.
Verifying the e-mail address and allowing only users who have verified their e-mails is the easiest and quickest solution.
You could have users listen to an audio file, and enter the word into a text box. That's what I wanted to do for phpBB3, but alas, they do not allow HTML markup for their verification questions. Alternatively, you can do defense in depth, and have a CAPTCHA be only part of the process.
Instead of captcha (typing in words displayed in an image) I've seen websites that require you to answer a question, usually basic math. I haven't implemented these, but I've seen them several places so it must be something that's a plugin for various CMSes and soforth.
Bottom line is, any system will eventually be circumvented. You can minimize bot-registrations, but I can tell you from experience that there are people out there who will pay other humans (who can pass just about any test) money to sign up for web sites - the pay is generally really poor, but there are always people who will find that acceptable.
So along with whatever solution you use, you'll want to periodically re-evaluate that solution, AND you'll want to have a human being review new registrations (maybe once a day?) to weed out the few 'bots that do get through.
How to use JS spam protection on email to hide the form from spam bots.
You don't. Putting JavaScript into email is a very bad idea for potential security and privacy violations. Instead include a link in your emails to the form on a web page. Email is inherently private and the web is inherently public. If exposing the form to a user is not a private event then it should not go in an email.
I'm not sure that I'm answering your question correctly, there isn't much detail.
I think what you're asking is how you can hide email addresses, in html, from spam bots - in which case here is the answer (there is no point in me paraphrasing it):
http://joemaller.com/js-mailer.shtml
I'm not sure this is affective any longer, if it ever was, but I was under the impression that encoding your email address in hex was one effective way to limit spam harvesting.
e.g.; mailto: is the leading "mailto:"
I've been using it on my site, but I also use Google apps for domain email, so it catches all the foo that does come through.
I am working on a website and would like for my users to be able to give feedback as easily as possible. I know one way but I've always hated it:
Click Here to be annoyed!
Is there a way in JavaScript or HTML to allow my users to email me without having to go through a lot of trouble?
A CONTACT FORM:
avoids spam bots that pick up 'mailtos'
allows you to validate that the form user is 'human' (optional captcha)
gives you total server-side control over data format
allows you to change your email easily from the server, anytime
hides your favorite, real email from your visitors/members/site users
gives you the option to control the topic (via select menu, etc.)
gives you an opportunity to have the user check off something extra
e.g., a survey question, subscription opt-in, interest in services, quote, etc.
gives you an opportunity to return a thank you (or sales page) after submission
gives you another opportunity to look professional
There's no question the link is the easiest initially-- a simple click; but, all things considered, I whole-heartedly agree that a contact form is the way to go for most purposes, for the reasons I listed above, and more.
Well, since Tom challenged me, ;) Here are a few copy-and-paste contact widgets that you can have up and tested in a minute or so.
Some Customizable Flash Contact/MailTo Widgets:
http://www.widgetbox.com/widget/contactify-widget-beta A customizable contact form. The style is highly customizable.
http://www.widgetbox.com/widget/contact-emailer-version3-rajwidgetbox
Use this gadget in your web site's
contact page. Avoid spams by not
providing your email address in your
site or blog. This gadget is highly
customizable. This uses image
verification code feature. Multiple
languages are supported. Version 3.
3300 downloads
http://www.widgetbox.com/widget/ultimate-antispam-email-link
Now, if you really do not want a
form, but do want an email link that
spam bots cannot pick up, here's the
widge for you. In the custom area,
you define your parties and mailto
addresses. It's a simple flash
button, so the user doesn't see it
until it opens their mail client.
The way you describe is the easiest way in my opinion.
If you want the email typed up there in the page like a form, you might want to create an email/suggestion form or alternative.
You can provide a multiline text box for comments and a submit button, POST the text to your server, and then mail it to yourself on the server. That spares your users a trip to their mail clients, at the cost of depriving you of a reasonably-likely-valid reply-to address.
You could even use AJAX and spare them a screen refresh.
Google Docs supplies creating webforms that can be easily embedded in websites. It collects all data in an on-line spreadsheet which you can download at anytime in various formats. You can even set e-mail notification if a visitor filled out your contact form.
I would create a form that users can provide feedback in, and then have your server write this into a database. Writing to a DB is likely going to make it more efficient for you to wade through feedback. Having users fill a form instead of sending you free-form email also help you enforce some kind of structure on the feedback or the metadata associated with the feedback (bug/feature request/comments, etc).
The most reliable way would be to send the email with the help of some server side processing.
You can also do it using an HTML form with the help of the action attribute:
<form action="mailto:user#example.com">
...
</form>
But this method may not be reliable for all browsers.