Tags:
create new tag
view all tags

Question

On some pages the antispam system does not work... The first time I noticed it it was on the result page of the ResetPassword form: 

   Please copy this information into a friendly e-mail to Peter@Thoeny.com

Then I noticed that Peter's correct e-address also appeared at the bottom of the TWikiRegistration page.

Peter told me that "The result page is only shown after submitting a form, spam harvester typically ignore forms." Although this may be true up to now, I don't feel secured.

  • The result page is not a form (but it's still "linked" by one)
  • More importantly, the reference to %WIKIWEBMASTER% on the TWikiRegistration page is on a normal page and not between the FORM tags.

So I decided to investigate when and why the antispam system doesn't work. And I've discovered that ...

The antispam system needs a whitespace before and after the reference to the email address variable.

A few example:

Imagine you have the email address webmaster@your.company.com and the antispam SPAM. If we have something like x%WIKIWEBMASTER%y what happens if ...

x y on screen status
whitespace whitespace webmaster@yourPLEASENOSPAM.companySPAM.com OK
whitespace [a-zA-Z0-9_-] webmaster@yourPLEASENOSPAM.companySPAM.comy KO
whitespace [.,?!:;)] webmaster@yourPLEASENOSPAM.companySPAM.comy OK
whitespace [^a-zA-Z0-9)] webmaster@yourSPAMPLEASENOSPAM.company.comy KO
[a-zA-Z0-9_-.] whitespace xwebmaster@yourPLEASENOSPAM.companySPAM.com KO
( whitespace xwebmaster@yourPLEASENOSPAM.companySPAM.com OK
[^a-zA-Z0-9_-.(] whitespace xwebmaster@your.company.com KO

And so on...

  • TWiki version: 01Feb2003
  • Perl version: 5.005_03 (for sun4-solaris)
  • Web server & version: Apache 1.3.27
  • Server OS: SunOS 5.8
  • Web browser & version: Opera 7.01 & Netscape
  • Client OS: SunOS 5.8 & WinXP
  • RCS: RCSLite
  • Testenv: testenv

-- OlivierNisole - 12 Mar 2003

Answer

Automatic e-mail address linking requires preceeding whitespace or parenthesis, this is spec. With that, spam-padding has the same rule.

For technically inclined, this is the regex pattern:

([\s\(])(?:mailto\:)*([a-zA-Z0-9\-\_\.\+]+)\@([a-zA-Z0-9\-\_\.]+)\.([a-zA-Z0-9\-\_]+)(?=[\s\.\,\;\:\!\?\)])

-- PeterThoeny - 14 Mar 2003

See also SpamProofing.

-- RichardDonkin - 14 Mar 2003

I totally agree with the opinion of Richard in the SpamProofing thread: if the user choose to use the antispam system, it ought to work everywhere. This system has to be automatic or not... it can't be partially automatic, that's pure nonsense! I don't trust a system that works some times and don't other times, just because of the previous character...

-- OlivierNisole - 19 Mar 2003

WebForm
SupportStatus Select one...
Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2003-03-19 - OlivierNisole
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.