Most contact webforms in reality send email to one or more persons at the
company anyway. The question is that companies do not want to provide
their email addresses on website (harvesting and other reasons) and trust
what has come from their website rather from direct email.
So the problem is in trying to extend trust that vendor see from their
webform to email sender. One such mechanism is to have vendors display to
the users on website email addresses such as
"sales-xxxxx(_at_)domain(_dot_)com"
where xxxxxx corresponds to sessionid of the visitor to their website and
exist for certain small period of time. Because session ids can be unique
and with 8 hex characters there can be more then enough of them to not be
repeated for a long time while the actual email (for example
"sales-18f83a73(_at_)elan(_dot_)net") is not too long to not allow user to
write
it down or copy it over to the mail client software. Relaying on session
ids will also allow to trace those who harvest and immediatly send spam
as you can then look at the logs and see what ip address was responsible.
You know, two can play at that game... how do you think those arrogant
companies
would like it if the customer wouldn't give them an E-mail address or telephone
number either, but instead gave them a URL of our personal homepage webform and
forced THEM to reply to US that way, too? Turnabout, after all, IS fair play...
Ultimately, what's more important is to control spamming REGARDLESS of where
they got the E-mail address from.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support the Anti-SPAM Amendment! Join at http://www.cauce.org/
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg