Welcome to WebmasterWorld, damlag!

No, it is impossible to detect a user's email address via a web page, and there would be numerous security and other issues which would stop this happening.

Really?
I was damn sure it was possible somehow.

I mean if people can detect language, country, even ip address...

Everything is configured in browser. When You open tools/internet options, everything is there... goto programs, see outlook express. So if outlook is there, it should be some how possible to retrieve name and e-mail.

Well...

Maybe hackers know some tricks :)

thanx anyway.

[edited by: engine at 9:23 am (utc) on June 14, 2004]
[edit reason] formatting [/edit]

I mean if people can detect language,

Language preferences are advertised by the browser. See RFC2616

country,

Implied by the IP address

even ip address...

Even? The client can never establish a connection without revealing its IP address to the server. How else could the server send packets back to the client?

Everything is configured in browser.

Depends on the browser and email client

it should be some how possible to retrieve
name and e-mail.

Only if the browser's security is awful.

....it should be some how possible to retrieve
name and e-mail....

Really scary premise. An implementation of this sort of "big brothering" would be highly likely to stop a great deal of the very web-traffic people value it for!

...it should be some how possible to retrieve
name and e-mail....

Nonsense and impossible.

I know the president of a relatively large corporation who wanted the company website set up to "gather" the e-mail addresses of its visitors so they could develop a newsletter list.

To his credit, he didn't realize the technical impossibility or the ethical irresponsibility of such an approach. He had been in name-list rental before, and was only bringing tactics which, in physical address list rental, are very good practice.

See, I wanted to have a e-mail form so people could subscribe to my list. You probably have seen those javascript alerts, where visitors can subscribe with a click of a button. But if visitor hasn't set up any account with
outlook, he won't be able to e-mail anyone.

So I thought it would be a good idea to show visitors e-mail address and name automatically in subscription box. If he/she has e-mail set up, he/she can subscribe with a click of a button. If not, then he/she can type it manually.

I thought it's somehow possible, just like those alert boxes. I didn't think about browser security and other issues.

Well, thanx for explaining guys. Little dissapointed but what can You do about it...

[edited by: BlobFisk at 7:55 am (utc) on June 15, 2004]
[edit reason] Formatting [/edit]

In the original HTTP implementations, the email address was actually sent by the browser as one of the header fields. Email harvesters quickly caught on and browser makers soon removed the field from the headers. I think it was out by Netscape 2.0 if not sooner.

Yes, it is possible to collect email addresses via a web page. It is an old trick, and many spammers still use it.

They serve one image on their webpage as <img src="ftp://thedomain.com/theimage.jpg"> and the browser will then fetch the image via anonymous FTP, giving a username of anonymous and a password of whatever the user put there most commonly an email address. Mine gives you.are.a.spammer@bog.off (or something like that) for example; because I am already wise to that one, and I do all of my real FTP transactions, using a dedicated FTP client.

Would you elaborate on how this works and how to stop it?

I don't think that is a problem anymore
In a quick test,
IE sent IEUser@
Squid proxy server sent Squid@
Opera sent opera@
Mozilla sent mozilla@example.com
as the anonymous ftp password.

Aye, I think that bug was fixed around v.5...?

And only worked if Outlook was the default client. Nowadays it's just anonymous, blank, or ie@ (dependent upon setup)