tags:

views:

155

answers:

3
+1  Q: 

Software that clicks e-mail links on page?

We are experiencing a strange bug on our website which we think is related to the software installed on user's computers. We have an e-mail link on a lot of pages, which is created using Javascript (so spambots won't get it).

It seems the link is "clicked" automatically on some user's machines. Some users then discard the window by clicking Send on the e-mail window that pops up, resulting in a ton of e-mails to us.

When inspecting the Apache log, nothing weird can be seen in the browser string. Can this be a download accelerator/prefetcher gone haywire? Any other theories as to what this might be?

The link in the HTML is written like this (it is autogenerated by Smarty):

<script type="text/javascript" language="javascript">
<!--
{document.write(String.fromCharCode(60,97,32,104,114,101,
  102,61,34,109,97,105,108,116,111,58,115,117,112,112,111,114,
  116,64,112,114,111,118,101,46,110,111,63,115,117,98,106,101,99,
  116,61,82,101,102,101,114,97,110,115,101,110,117,109,109,101,114,
  37,50,48,49,53,48,48,34,32,62,83,101,110,100,32,115,112,38,111,115,
  108,97,115,104,59,114,115,109,38,97,114,105,110,103,59,108,46,60,47,97,62))}
//-->
</script>
A: 

My only suggestion would indeed be that some program (browser, extension, bot, indexer) reads the page and then opens the link and sends the mail, but I've never seen that before.

Is there anything you can see from the mail messages you get? Recurring IP addresses or X-Mailer?

Perhaps you can ask one of the users about their system setup - you have their e-mail address.

Jeroen Heijmans  2008-11-12 13:05:41
These come from actual users, not a bot. We have made contact with one user, who confirmed the event order mentioned in the question. Our users view a lot of pages, so one e-mail per page becomes a lot of e-mails.
Vegard Larsen  2008-11-12 13:48:21
+3  A: 

Could something in the browser be prefetching the links? For example, the Firefox extension Fasterfox does that (which is the reason why I don't use it). I seem to remember Google at one time also had brought out a browser accelerator using the same concept. And the AVG antivirus' Linkscanner is infamous for doing it too (all in the name of scanning for bad sites).

In short: don't use links for something that changes a state, for example for logging out, deleting a record (gasp!) or sending email. Use a button instead.

bart  2008-11-12 14:39:53
I don't think Fasterfox can be stupid enough to click an e-mail link? This is a HTML <a href="mailto:">-style link. I'm going to test FasterFox just to be sure.
Vegard Larsen  2008-11-13 08:06:06
A: 

Personally, I'd try to solve this by changing from a mailto: link to a contact form - though that doesn't directly answer the question you asked.

The other suggestions of link pre-fetchers seem the most probable.

I suppose it might even be related to caching from an ISP, if it's trying to pre-spider a page so the linked-to pages load quicker?

warren  2009-09-01 07:43:37

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?