lucy24 - 10:21 am on Aug 8, 2012 (gmt 0)
Urk. Sorry, I was incoherent. Every page has a "contact us" link which leads to a form, but some pages also have an individual e-mail link. That's where I met the mailer-daemon. The actual Contact Us only has a captcha. Oh, yes, and if you do anything wrong-- like filling more than half of the text input area, or including an url to show what you're talking about-- you get taken to a full-fledged error page which I am tolerably certain is not really intended for public consumpiton.
Server Error in '/' Application.
A potentially dangerous Request.Form value was detected from the client (ctl00$MainBodyContent$Body="...mation
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
... and so on for about 40 more lines. I don't speak .asp so it's just so much Hungarian to me. Possibly the designer forgot the cardinal rule: Don't only make sure it works when it's supposed to. Also make sure it doesn't work when it isn't supposed to. (I found by accident that the site doesn't even have a custom 403 page, although the host apparently expects them to. Sheesh.)
I've got naked e-mail links on my own site. And almost the same on the art studio's site, just disguised as an html form. But then, I'm not the top widget supplier for the Atlantic seaboard, so I'm not much plagued with spam.
Besides, "contact us" links make me anxious as a user. You never know what information they're going to demand or how many things you're allowed to click before there's no going back.