Mailer

**Rik** · Oct 25 '06, 03:25 AM

Re: Mailer

Shelly wrote:

I am looking for suggestions for the best way to do this. I can hack
it out to make it happen, but I thought I would make use of the
expertise to do it the best way.
>
I have a form with a drop-down list of users. I want to use a button
to send mail to the user that is currently showing in the drop-down
list. When this button is pressed, I want the user's default email
program to come up with the email address of that person filled in.
(the email addresses are in the database and can be retrieved easily).
>
I can go to the process of having a separate mail form with a text
box and gathering all the info and then using mail() to send it. Or,
I can have the button exercise some code that runs separate window
and exercises a mailto in the html area with the address filled out
and then kills the window, leaving the user's email reader up there.
>
Both seem rather cumbersome. Is there an easier way?

No.
Either use javascript for a emulate a click on a 'mailto:' link, which is
highly unreliable, or use a form. That would not neccesarily require
another page, just another textarea & button.

Even if (and that's a big if) the UA will grant the 'mailto:' option, there
is no way to know for sure this UA:
1. Knows which is the default email-program.
2. Succeeds in opening the emailprogram.

There is another way: give the users emailadress, and let them open their
emailclient themselves.
--
Rik Wasmus

**Jerry Stuckle** · Oct 25 '06, 10:15 AM

Re: Mailer

Shelly wrote:

I am looking for suggestions for the best way to do this. I can hack it out
to make it happen, but I thought I would make use of the expertise to do it
the best way.
>
I have a form with a drop-down list of users. I want to use a button to
send mail to the user that is currently showing in the drop-down list. When
this button is pressed, I want the user's default email program to come up
with the email address of that person filled in. (the email addresses are
in the database and can be retrieved easily).
>

No you don't. This will expose the user's email address to the world.
These will quickly be harvested by 'bots and your users' email addresses
sold to spammers. Don't ever display an email address on a webpage.

I can go to the process of having a separate mail form with a text box and
gathering all the info and then using mail() to send it. Or, I can have the
button exercise some code that runs separate window and exercises a mailto
in the html area with the address filled out and then kills the window,
leaving the user's email reader up there.
>
Both seem rather cumbersome. Is there an easier way?
>
Shelly
>
>

Use the form. Your textbox can be on the same page or another one.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Shelly** · Oct 25 '06, 10:25 AM

Re: Mailer

"Rik" <luiheidsgoeroe @hotmail.comwro te in message
news:64989$453e dcfb$8259c69c$1 2384@news1.tude lft.nl...

Shelly wrote:

>I am looking for suggestions for the best way to do this. I can hack
>it out to make it happen, but I thought I would make use of the
>expertise to do it the best way.
>>
>I have a form with a drop-down list of users. I want to use a button
>to send mail to the user that is currently showing in the drop-down
>list. When this button is pressed, I want the user's default email
>program to come up with the email address of that person filled in.
>(the email addresses are in the database and can be retrieved easily).
>>
>I can go to the process of having a separate mail form with a text
>box and gathering all the info and then using mail() to send it. Or,
>I can have the button exercise some code that runs separate window
>and exercises a mailto in the html area with the address filled out
>and then kills the window, leaving the user's email reader up there.
>>
>Both seem rather cumbersome. Is there an easier way?

>
No.
Either use javascript for a emulate a click on a 'mailto:' link, which is
highly unreliable, or use a form. That would not neccesarily require
another page, just another textarea & button.
>
Even if (and that's a big if) the UA will grant the 'mailto:' option,
there
is no way to know for sure this UA:
1. Knows which is the default email-program.
2. Succeeds in opening the emailprogram.
>
There is another way: give the users emailadress, and let them open their
emailclient themselves.
--
Rik Wasmus

Thanks, Rik. That is what I was afraid of. The users in this case is the
owner of the site (and not technically savvy). Part of the spec is to be
able to send email to a person on the client list. So, I will simply have a
full page available with a text area and look like a mail form - or just a
text field for the subject and a text area for the message. I will then use
the mail() function. While I am at it, I guess I'll include another button
to send to his entire client list.

It would have been nice if there were a function to open the default email
client from php.

Shelly

**Shelly** · Oct 25 '06, 10:35 AM

Re: Mailer

"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
news:mMmdnbxEQK 61o6LYnZ2dnUVZ_ r6dnZ2d@comcast .com...

Shelly wrote:

>I am looking for suggestions for the best way to do this. I can hack it
>out to make it happen, but I thought I would make use of the expertise to
>do it the best way.
>>
>I have a form with a drop-down list of users. I want to use a button to
>send mail to the user that is currently showing in the drop-down list.
>When this button is pressed, I want the user's default email program to
>come up with the email address of that person filled in. (the email
>addresses are in the database and can be retrieved easily).
>>

>
No you don't. This will expose the user's email address to the world.
These will quickly be harvested by 'bots and your users' email addresses
sold to spammers. Don't ever display an email address on a webpage.

I wasn't planning to do that! I only display the username. When the user
(the owner of the site -- not technically saavy) clicks to send an email to
that client, the email address is obtained from the database and stuffed
into the mailer routine.

>

>I can go to the process of having a separate mail form with a text box
>and gathering all the info and then using mail() to send it. Or, I can
>have the button exercise some code that runs separate window and
>exercises a mailto in the html area with the address filled out and then
>kills the window, leaving the user's email reader up there.
>>
>Both seem rather cumbersome. Is there an easier way?
>>
>Shelly

Use the form. Your textbox can be on the same page or another one.

Two votes for the form -- you and Rik. I trust you guys so I'll go the form
route. I just thought it would be sexier to have his email program brought
up.

Shelly

**Jerry Stuckle** · Oct 25 '06, 10:55 AM

Re: Mailer

Shelly wrote:

"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
news:mMmdnbxEQK 61o6LYnZ2dnUVZ_ r6dnZ2d@comcast .com...
>

>>Shelly wrote:
>>

>>>I am looking for suggestions for the best way to do this. I can hack it
>>>out to make it happen, but I thought I would make use of the expertise to
>>>do it the best way.
>>>
>>>I have a form with a drop-down list of users. I want to use a button to
>>>send mail to the user that is currently showing in the drop-down list.
>>>When this button is pressed, I want the user's default email program to
>>>come up with the email address of that person filled in. (the email
>>>addresses are in the database and can be retrieved easily).
>>>

>>
>>No you don't. This will expose the user's email address to the world.
>>These will quickly be harvested by 'bots and your users' email addresses
>>sold to spammers. Don't ever display an email address on a webpage.

>
>
I wasn't planning to do that! I only display the username. When the user
(the owner of the site -- not technically saavy) clicks to send an email to
that client, the email address is obtained from the database and stuffed
into the mailer routine.
>

"When this button is pressed, I want the user's default email program.."

To send email from the user's email program, you will need to expose
the client's email to the spambots. You do NOT want to do this.

>

>>>I can go to the process of having a separate mail form with a text box
>>>and gathering all the info and then using mail() to send it. Or, I can
>>>have the button exercise some code that runs separate window and
>>>exercises a mailto in the html area with the address filled out and then
>>>kills the window, leaving the user's email reader up there.
>>>
>>>Both seem rather cumbersome. Is there an easier way?
>>>
>>>Shelly

>>
>>Use the form. Your textbox can be on the same page or another one.

>
>
Two votes for the form -- you and Rik. I trust you guys so I'll go the form
route. I just thought it would be sexier to have his email program brought
up.
>
Shelly
>
>

Personally, I don't think so. But it is a LOT more dangerous!

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**nemo@nemo_spam.com** · Oct 25 '06, 07:35 PM

Re: Mailer

On Wed, 25 Oct 2006 10:44:11 GMT, "Shelly"
<sheldonlg.news @asap-consult.comwrot e:

>
>"Rik" <luiheidsgoeroe @hotmail.comwro te in message
>news:64989$453 edcfb$8259c69c$ 12384@news1.tud elft.nl...

>Shelly wrote:

>>I am looking for suggestions for the best way to do this. I can hack
>>it out to make it happen, but I thought I would make use of the
>>expertise to do it the best way.
>>>
>>I have a form with a drop-down list of users. I want to use a button
>>to send mail to the user that is currently showing in the drop-down
>>list. When this button is pressed, I want the user's default email
>>program to come up with the email address of that person filled in.
>>(the email addresses are in the database and can be retrieved easily).
>>>
>>I can go to the process of having a separate mail form with a text
>>box and gathering all the info and then using mail() to send it. Or,
>>I can have the button exercise some code that runs separate window
>>and exercises a mailto in the html area with the address filled out
>>and then kills the window, leaving the user's email reader up there.
>>>
>>Both seem rather cumbersome. Is there an easier way?

>>
>No.
>Either use javascript for a emulate a click on a 'mailto:' link, which is
>highly unreliable, or use a form. That would not neccesarily require
>another page, just another textarea & button.
>>
>Even if (and that's a big if) the UA will grant the 'mailto:' option,
>there
>is no way to know for sure this UA:
>1. Knows which is the default email-program.
>2. Succeeds in opening the emailprogram.
>>
>There is another way: give the users emailadress, and let them open their
>emailclient themselves.
>--
>Rik Wasmus

>
>Thanks, Rik. That is what I was afraid of. The users in this case is the
>owner of the site (and not technically savvy). Part of the spec is to be
>able to send email to a person on the client list. So, I will simply have a
>full page available with a text area and look like a mail form - or just a
>text field for the subject and a text area for the message. I will then use
>the mail() function. While I am at it, I guess I'll include another button
>to send to his entire client list.

When I do that, I make sure that all the addresses go into the Bcc:
field, otherwise everyone gets to learn everyone else's address. I
read somewhere that if just one machine is infected with worms'n'stuff
everyone then starts to get shed-loads of spam.

>
>It would have been nice if there were a function to open the default email
>client from php.
>
>Shelly
>

**Shelly** · Oct 26 '06, 02:45 AM

Re: Mailer

<nemo@nemo_spam .comwrote in message
news:pofvj29bop 27b0ct2d89ju80q 5g95ul6rl@4ax.c om...

On Wed, 25 Oct 2006 10:44:11 GMT, "Shelly"
<sheldonlg.news @asap-consult.comwrot e:

>>Thanks, Rik. That is what I was afraid of. The users in this case is the
>>owner of the site (and not technically savvy). Part of the spec is to be
>>able to send email to a person on the client list. So, I will simply have
>>a
>>full page available with a text area and look like a mail form - or just
>>a
>>text field for the subject and a text area for the message. I will then
>>use
>>the mail() function. While I am at it, I guess I'll include another
>>button
>>to send to his entire client list.

When I do that, I make sure that all the addresses go into the Bcc:
field, otherwise everyone gets to learn everyone else's address. I
read somewhere that if just one machine is infected with worms'n'stuff
everyone then starts to get shed-loads of spam.

Good point. I'll do that.

Shelly

**Shelly** · Oct 26 '06, 02:45 AM

Re: Mailer

"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message

"When this button is pressed, I want the user's default email program.."
>
To send email from the user's email program, you will need to expose the
client's email to the spambots. You do NOT want to do this.

How is that so? When the button is pressed, I would find the email from a
database and then open the email program. Is it in the passing from the
current form to the email client that is the leak?

Anyway, I implemented a form and used mail().

Shelly

**Rik** · Oct 26 '06, 03:25 AM

Re: Mailer

Shelly wrote:

"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
>

>"When this button is pressed, I want the user's default email
>program.."
>>
>To send email from the user's email program, you will need to
>expose the client's email to the spambots. You do NOT want to do
>this.

>
How is that so? When the button is pressed, I would find the email
from a database and then open the email program. Is it in the
passing from the current form to the email client that is the leak?

Well, a *then* I will find the emailadress is not true. If you want this,
you'll have to look it up earlier, and have it within your HTML/possbly JS
code.]

Jerry is mainly concerned (as am I), that people giving their emailadress
to one party, agreeing to be mailed by them, will not have to worry about
their emailadress being harvested from the source, or from a mail to
others. So, tell us this is on a really secure backend for your client,
which is impossible to access by any other then that client.

Anyway, I implemented a form and used mail().

Good choice, and make sure that form is not in any way publicly available.
--
Rik Wasmus

**Shelly** · Oct 26 '06, 10:25 AM

Re: Mailer

"Rik" <luiheidsgoeroe @hotmail.comwro te in message
news:5cd4a$4540 2d85$8259c69c$1 1663@news2.tude lft.nl...

Shelly wrote:

>"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
>>

>>"When this button is pressed, I want the user's default email
>>program.."
>>>
>>To send email from the user's email program, you will need to
>>expose the client's email to the spambots. You do NOT want to do
>>this.

>>
>How is that so? When the button is pressed, I would find the email
>from a database and then open the email program. Is it in the
>passing from the current form to the email client that is the leak?

>
Well, a *then* I will find the emailadress is not true. If you want this,
you'll have to look it up earlier, and have it within your HTML/possbly JS
code.]
>
Jerry is mainly concerned (as am I), that people giving their emailadress
to one party, agreeing to be mailed by them, will not have to worry about
their emailadress being harvested from the source, or from a mail to
others. So, tell us this is on a really secure backend for your client,
which is impossible to access by any other then that client.
>

>Anyway, I implemented a form and used mail().

>
Good choice, and make sure that form is not in any way publicly available.
--
Rik Wasmus

The form is protected. When the admin logs in, I check his password and
privileges. I set a session variable for his username. At the top of each
admin page, I check that username for his privileges. If not met, I leave
that page and divert to a neutral home login page available for all users.
These admin pages are in a separate directory. I could set a session
variable for his privilege as well, but instead I check the database each
time.

Any additional suggestions?

Shelly

**Jerry Stuckle** · Oct 27 '06, 12:05 PM

Re: Mailer

Shelly wrote:

"Rik" <luiheidsgoeroe @hotmail.comwro te in message
news:5cd4a$4540 2d85$8259c69c$1 1663@news2.tude lft.nl...
>

>>Shelly wrote:
>>

>>>"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
>>>
>>>
>>>>"When this button is pressed, I want the user's default email
>>>>program.. "
>>>>
>>>>To send email from the user's email program, you will need to
>>>>expose the client's email to the spambots. You do NOT want to do
>>>>this.
>>>
>>>How is that so? When the button is pressed, I would find the email
>>>from a database and then open the email program. Is it in the
>>>passing from the current form to the email client that is the leak?

>>
>>Well, a *then* I will find the emailadress is not true. If you want this,
>>you'll have to look it up earlier, and have it within your HTML/possbly JS
>>code.]
>>
>>Jerry is mainly concerned (as am I), that people giving their emailadress
>>to one party, agreeing to be mailed by them, will not have to worry about
>>their emailadress being harvested from the source, or from a mail to
>>others. So, tell us this is on a really secure backend for your client,
>>which is impossible to access by any other then that client.
>>
>>

>>>Anyway, I implemented a form and used mail().

>>
>>Good choice, and make sure that form is not in any way publicly available.
>>--
>>Rik Wasmus

>
>
The form is protected. When the admin logs in, I check his password and
privileges. I set a session variable for his username. At the top of each
admin page, I check that username for his privileges. If not met, I leave
that page and divert to a neutral home login page available for all users.
These admin pages are in a separate directory. I could set a session
variable for his privilege as well, but instead I check the database each
time.
>
Any additional suggestions?
>
Shelly
>
>

Well, first of all, you didn't clarify this is an admin page. If it's a
public page I can easily intercept the email address and spam the hell
out of your users. On an admin form it's a little harder. Virtually
impossible if you use SSL on an admin page. But also if you use an
email form and never send the email address to the user in the first place.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Mailer

Mailer

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment