Tags:
create new tag
, view all tags

Question

On some pages the antispam system does not work... The first time I noticed it it was on the result page of the ResetPassword form: 

   Please copy this information into a friendly e-mail to Peter@Thoeny.com

Then I noticed that Peter's correct e-address also appeared at the bottom of the TWikiRegistration page.

Peter told me that "The result page is only shown after submitting a form, spam harvester typically ignore forms." Although this may be true up to now, I don't feel secured.

  • The result page is not a form (but it's still "linked" by one)
  • More importantly, the reference to %WIKIWEBMASTER% on the TWikiRegistration page is on a normal page and not between the FORM tags.

So I decided to investigate when and why the antispam system doesn't work. And I've discovered that ...

The antispam system needs a whitespace before and after the reference to the email address variable.

A few example:

Imagine you have the email address webmaster@your.company.com and the antispam SPAM. If we have something like x%WIKIWEBMASTER%y what happens if ...

x y on screen status
whitespace whitespace webmaster@yourPLEASENOSPAM.companySPAM.com OK
whitespace [a-zA-Z0-9_-] webmaster@yourPLEASENOSPAM.companySPAM.comy KO
whitespace [.,?!:;)] webmaster@yourPLEASENOSPAM.companySPAM.comy OK
whitespace [^a-zA-Z0-9)] webmaster@yourSPAMPLEASENOSPAM.company.comy KO
[a-zA-Z0-9_-.] whitespace xwebmaster@yourPLEASENOSPAM.companySPAM.com KO
( whitespace xwebmaster@yourPLEASENOSPAM.companySPAM.com OK
[^a-zA-Z0-9_-.(] whitespace xwebmaster@your.company.com KO

And so on...

  • TWiki version: 01Feb2003
  • Perl version: 5.005_03 (for sun4-solaris)
  • Web server & version: Apache 1.3.27
  • Server OS: SunOS 5.8
  • Web browser & version: Opera 7.01 & Netscape
  • Client OS: SunOS 5.8 & WinXP
  • RCS: RCSLite
  • Testenv: testenv

-- OlivierNisole - 12 Mar 2003

Answer

Automatic e-mail address linking requires preceeding whitespace or parenthesis, this is spec. With that, spam-padding has the same rule.

For technically inclined, this is the regex pattern:

([\s\(])(?:mailto\:)*([a-zA-Z0-9\-\_\.\+]+)\@([a-zA-Z0-9\-\_\.]+)\.([a-zA-Z0-9\-\_]+)(?=[\s\.\,\;\:\!\?\)])

-- PeterThoeny - 14 Mar 2003

See also SpamProofing.

-- RichardDonkin - 14 Mar 2003

I totally agree with the opinion of Richard in the SpamProofing thread: if the user choose to use the antispam system, it ought to work everywhere. This system has to be automatic or not... it can't be partially automatic, that's pure nonsense! I don't trust a system that works some times and don't other times, just because of the previous character...

-- OlivierNisole - 19 Mar 2003

WebForm
SupportStatus Select one...
Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2003-03-19 - OlivierNisole
 

Twitter Delicious Facebook Digg Google Bookmarks E-mail LinkedIn Reddit StumbleUpon    
  • Download TWiki
TWiki logo Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.