Fog Creek Software
Discussion Board





Spam Proofing our discuss boards

Hi.  My name is Charles, and I am an intern here at Fog Creek.

I want to let all the contributors to our discussion groups know that we have changed the way private email is sent to someone who has made a posting.

Please feel free to include your email address in your postings.  If anyone makes a personal reply, they do it through our website without ever becoming aware of your email address.

We will keep the email address completely private and secure in our internal database.

Charles Reich
Wednesday, November 13, 2002

A good idea.

For better browser compatibility, the following problem should be addressed:  unlike the "Reply" link, the link to send private email is currently not HTML Encoded.

Example link:
http://discuss.fogcreek.com/dotnetquestions/default.asp?cmd=newmailform&ixPost=740&sHeadLine=Spam Proofing our discuss boards
(note that this link won't be displayed properly in the forum, since it contains spaces)

Expected link:
http://discuss.fogcreek.com/dotnetquestions/default.asp?cmd=newmailform&ixPost=740&sHeadLine=Spam Proofing+our+discuss+boards

Solution:
- Use Server.HTMLEncode on the sHeadline parameter.

Bernard Vander Beken
Thursday, November 14, 2002

Regarding the usability of the private mailing feature:

I have the feeling that the page to post a private message does not differ enough from the public reply page.

A note that a private message is being sent would be useful.

Bernard Vander Beken
Thursday, November 14, 2002

Thanks for the suggestion, Bernard.

I have changed the script to use Server.URLEncode on the sHeadline parameter.

Charles Reich
Thursday, November 14, 2002

It stops email addresses being trivially harvested.  It does not stop you getting sent spam by using your email address on this forum.

I just followed the message hyperlink from one of my own postings and then edited the URL to give me a new subject.  I then changed the sender's email address to something completely fictitious and entered some test message.  What do you know?  Anyone can send any message with any subject to any poster on this forum and the email looks like it comes from Fog Creek Software.

An 'opt out of email altogether' option might be nice (and default) for posters.  And there might be more technical solutions to prevent this being scripted (although big email signup companies who use grainy gif type-this-text-in systems don't seem to stop robots).  Anyone got any ideas?

Will
Friday, November 15, 2002
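
An added example, not part of the original thread and not Fog Creek's code: the private-mail link from the posts above, built with its query string URL-encoded and then HTML-escaped for the page, plus a server-side tag so that a link whose subject has been edited is rejected. Python stands in for the site's ASP; the `sig` parameter, `LINK_KEY` and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: a server-side secret that never appears in any page or link.
LINK_KEY = b"constructed-demo-key-not-a-real-secret"
BASE = "http://discuss.fogcreek.com/dotnetquestions/default.asp"


def _tag(ix_post: str, headline: str) -> str:
    """HMAC-SHA256 over the fields a visitor must not be able to change."""
    msg = ix_post.encode("utf-8") + b"\x00" + headline.encode("utf-8")
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()


def build_mail_link(ix_post: int, headline: str) -> str:
    """Return the private-mail form URL with every value URL-encoded."""
    query = urlencode({
        "cmd": "newmailform",
        "ixPost": ix_post,
        "sHeadLine": headline,
        "sig": _tag(str(ix_post), headline),  # hypothetical extra parameter
    })
    return f"{BASE}?{query}"


def link_as_html(ix_post: int, headline: str) -> str:
    """URL-encode first, then HTML-escape the finished URL for the href."""
    href = escape(build_mail_link(ix_post, headline), quote=True)
    return f'<a href="{href}">Send private email</a>'


def verify_mail_request(url: str) -> bool:
    """Server side: accept the request only if the tag still matches."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    try:
        ix_post, headline, sig = q["ixPost"][0], q["sHeadLine"][0], q["sig"][0]
    except KeyError:
        return False  # a link with a field stripped out is refused
    expected = _tag(ix_post, headline)
    return hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8"))
```

The tag covers only the link parameters; the sender address typed into the form is still unverified and needs its own control.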

Does this mean that Joel will be paying a penny for each question we send?

Jim Argeropoulos
Friday, November 15, 2002
