Support » Plugin: Email Address Encoder » Do not spam our email addresses

  • Resolved digbymaass

    (@digbymaass)


    You have no right to send emails to people whose email addresses happen not to be encoded for some reason by your plugin, which we actually use, and which invites admins to use your page scanner.

    I have just received this which you sent to someone whose email address appears on our site.

    Recently, you or someone on your team scanned the domain carnethy.com for unprotected email addresses using the page scanner on my website <https://encoder.till.im?utm_source=email-reminder&utm_medium=email&gt; .

    This is a friendly reminder that your email address xxxxx@carnethy.com is still listed on carnethy.com and is not protected from email-harvesting robots — which is exactly how I was able to send you this email.

    This is absolutely unacceptable. By all means alert the site’s admin; don’t spam anyone else.

    The reason the email address is uncoded is because I didn’t make it a mailto: link and just inserted it as text. This is the mistake you should have pointed out to me, the admin, not the recipient.

    • This topic was modified 4 months, 3 weeks ago by  digbymaass.
    • This topic was modified 4 months, 3 weeks ago by  digbymaass.
Viewing 15 replies - 1 through 15 (of 15 total)
  • Further investigation reveals that the email address in question is encoded by your plugin on the page in question – http://carnethy.com/carnethy-organised-races/scottish-long-coastal-relays/ but the encoding is defeated by the Facebook Open Graph text in the head, which has rendered it in plain text.

    I suppose this will have happened on many other pages. I await further responses from people you have informed.

    Plugin Author Till Krüss

    (@tillkruess)

    I’m sorry to hear that you don’t appreciate the warning, most people do.

    Like the email says, it’s a one-time-only courtesy message.

    If you want to encode email addresses in your header, such as open graph tags, you can follow this guide to manually encode them, or upgrade to the premium version.

    I don’t think you understand.

    I don’t appreciate the email address recipients receiving a warning. The one quoted was sent to someone (not an admin or creator of the page) who then asked me what he should do about it.

    I would welcome a warning to me, the site admin.

    You have spammed who knows how many email address owners without telling me, the administrator.

    • This reply was modified 4 months, 3 weeks ago by  digbymaass.
    Plugin Author Till Krüss

    (@tillkruess)

    There is sadly no way for me to find out the admin’s email, but I’ll add an opt-in to the scanner to avoid this happening in the future.

    We also received notification from one of our email address recipients complaining about being contacted directly. If someone is logged in as an admin and clicking the Open Page Scanner button, then they could also have the option to have all notifications go to the WP admin (or some other email address) instead of emails contained within content that could belong to recipients with no technical expertise and/or a relationship with the website admin or owner that would make such communication unacceptable.

    Yes. It’s very embarrassing for us site creators/admins. I also wonder if it’s illegal. GDPR and all that. In our case the email addresses were only visible in the page source, not openly public. There was no indication that email addresses would be harvested – ie I did not give permission for them to be harvested.

    The recipients of these ‘friendly warnings’ would have no idea as to what this was all about, and unless someone contacted me, I would not know this had happened.

    Very unsatisfactory.

    • This reply was modified 4 months, 3 weeks ago by  digbymaass.
    Plugin Author Till Krüss

    (@tillkruess)

    @carolkn: Thanks for your suggestion. The next version will include a similar opt-in process to get notified.

    Also, the “automatic emails” have been replaced by an opt-in form on encoder.till.im/scanner, so you won’t receive any further warnings by email.

    Actually nobody needs to be contacted by email, and shouldn’t be. It’s an online tool and like all such tools the result should just be shown on screen. The person initiating the search is the only person interested in the result. Emailing the email address recipients is simply pointless.

    chuckzwood

    (@chuckzwood)

    Digbymaass — Thank you very much for this post!! I was going to install this plugin, but after reading about these issues, will certainly stay away.

    digbymaass

    (@digbymaass)

    Just don’t use the page scanner and it won’t happen. In any case, the overlords of WordPress have said that email encoders aren’t effective. Being a total sceptic I’m torn between not believing them and thinking anything’s better than nothing. At the moment we still use it, but it’s totally defeated by the OpenGraph plugin rendering the email addresses as normal text in the OG tags. Bah.

    Plugin Author Till Krüss

    (@tillkruess)

    @chuckzwood: This has been resolved and the notification emails are now opt-in only.

    @digbymaass: You can encode email addresses in open graph tags as well. If you’re using Jetpack, for example, it would look like this:

    
    add_filter( 'jetpack_open_graph_tags', function ( $tags ) {
        return array_map( function ( $tag ) {
            return eae_encode_emails( $tag );
        }, $tags );
    }, 100 );
    
    digbymaass

    (@digbymaass)

    We don’t use Jetpack but we do use the plugin ‘Open Graph for Facebook, Google+ and Twitter Card Tags’. Don’t suppose you would know how to encode OG tags using this?

    Plugin Author Till Krüss

    (@tillkruess)

    Tricky, their codebase is quite messy. Try this, but make sure it doesn’t break any open graph tags.

    
    add_filter( 'fb_og_output', function ( $html ) {
        return eae_encode_emails( $html);
    }, 100 );
    
    digbymaass

    (@digbymaass)

    That worked! I’m impressed! Can you explain it?

    • This reply was modified 4 months ago by  digbymaass.
    Plugin Author Till Krüss

    (@tillkruess)

    Sure, fb_og_output is a filter used by the “Open Graph for …” plugin that allows you to change the generated open graph tags.

    For example, if you’d use the code below, no OG tags would show up.

    
    add_filter( 'fb_og_output', '__return_empty_string' );
    

    What we’re doing is running the eae_encode_emails() function provided by this plugin over the open graph tags and obfuscate emails.

    Does that help?

Viewing 15 replies - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.