Page 2 - Http://www.rhmun.com

Besides that...HTML mailto tags can be used maliciously to possibly crash a user's machine. An example is provided below...click at your own risk...

Malicious HTML Mailto Tag

Wow..... THANK YOU.

You just raped my computer there...

nice, my computer survived the stress test.
so you say mailto should be removed completely and banned?
it's not different from having "malicious" JavaScript which use
timer to display alert every milisecond - if website choose to
have such code, users will simply never visit it again.

anyway - even if people don't have Outlook they can still right
click the mailto link and choose Copy Address - elegant and simple.

Yes, however, Outlook Express is preinstalled... If a user doesn't use it but still has it, then it'll cause them trouble when Outlook pops up.

well, if you're concluding some fact regarding all users based
on your own experience without running any survey, it's not
very smart move.

smart guess is that good part of the people who are using
the Internet still use Outlook. I guess more than half.

If you were developing personal site for your own use, or for
you and your desk mates only, it wouldn't have mattered -
but when you build public website, you have to consider other people.

Yes yes thank you for that tip. However, Hotmail doesn't work with Outlook express... so i think a lot of users are in my situation.

you are plain wrong.
I still use Outlook Express at home and I can send emails to
Hotmail, get emails from Hotmail and even have Hotmail inbox
folder at my Outlook.
where you got your wrong information from?

I never list any email address on any web site that is open to the Internet. Instead, I would have visitors comminicate via a web form. After the message is submit, have your code send the form data to an email address. There's nothing like advertising your e-mail address to every spammer that comes across your site...

No offense, but why would anyone use Outlook Express, it has tons of known and exploitable vulnerabilities? Why would anyone use it to pull web mail down to their local machine...this is how viruses/trojans/etc... occur.

Outlook Express should come with a bright flashing banner that reads, "USE AT YOUR OWN RISK!" I only allow emails on my local machine from trusted sources that encrypt using my PGP key.

Additionally, JavaScript, by it's very nature, is prevented from directly executing anything on the local machine. Unlike a mailto tag, that can force Outlook pop open, javascript can't perform this type of malicious action.

As for putting mailto links on a site...I would never put up a personal email address. I'd only put up an alias. Spammers use spiders and other crap to crawl the internet looking for and gathering email addresses to send their spam too.

why? same reason people are still using Windows, although it
proved to be dangerous, full of bugs and full of even more security
holes.

I'm used to it, and see no reason to learn how to use some
other fancy mail program that will have its own bugs and security problems.

I never got any virus from there, the only virus I got was from
within Hotmail website in the very first days of the Worms.

anyway, back to topic: ideal situation is like JMH said, have
feedback form and no email addresses at all. but if you do
have such addresses, and expect people to actually use them,
have them clickable. in the least it save people the need to
select with their mouse, instead they have the right click option.

Hmmm, what about some big websites out there, to prevent spam, they use things like webmaster [at] something.com. They could of at least have a javascript where onclick the link turns into mailto:webaster@something.com . Instead, it's just text...

that would make the whole thing meaningless, because spam bots are
looking in the source of the page. they will see the full address there
and have their feast.

Ahh... Got ya.