What are the dangers of a mailto link?

I was looking through my spam folder, and there’s a 100% sure spam email, that asks me to confirm that I want to unsubscribe by clicking some big unsubscribe button. That button is simply a mailto: link, similar to the one below


There are no images in the email, so no pixel tracking.

What is the attack here?

Is the attacker’s hope that I would click on the mailto link, and then click send, and then they’d know that my email address is of a gullible person, so they’d better prioritize their real spamming resources, or is there more to it?

I find the above attack odd, because it puts quite some burden on the attacked. I need to ignore the fact that I never subscribed to require clicking on unsubscribe, then I need to click on Unsubscribe, then the mailto: protocol needs to be correctly associated with whatever I use for email, then I also need to click send, then the email client would ask me to confirm that I want to send a message without any content, then I would either confirm, or actually write some text in the content, and then the message would be sent, and the attack would be successful. That’s a lot of work and I can change my mind at any time in this process and the attack would be unsuccessful.

Can a mailto link be somehow exploited?

How can DMs effectively telegraph specific dangers in D&D?

There are some play-styles of D&D in which the spectre of player-character death is considered a feature of the game rather than a bug. For my own reasons (which aren’t the point of the question), I see them as a feature especially in exploration-focused games (e.g., sandboxes, old-school dungeon-crawling) where there are lots of ways for players to arm themselves with enough information to make informed decisions about the dangers they’re willing to tackle.

Even with players that play strategically, seeking that intel and using it to pick their battles strategically, it is still on the DM’s shoulders to provide good clues and tell-tales during play. How well the DM does this will significantly impact the players’ ability to make informed decisions on where to go, how to prepare, what to fight, and what to avoid. If the players don’t catch the clues, it should be because they weren’t paying attention or didn’t put 2 and 2 together, not because the DM’s descriptions suck.

What techniques can the DM use to effectively telegraph to the players the existence and/or nature of the dangers they face?

These assumptions are inherent in the question:

  • The players are already playing strategically, and don’t need to be “trained” in this play-style.
  • Senseless, random PC death is a real possibility, not just threat to set the tone of the game or generate fearfulness in the players.
  • Characters almost always die when players put them in dangerous situations they’re not prepared to deal with.
  • Characters might live when players are observant, know what dangers to expect, are well-prepared, and don’t take on dangers that are beyond their ability—and even then, the dice have to go in their favour. Knowledge is the edge they need to bend the odds in their favour.
  • The players don’t necessarily have access to stat blocks or other, out-of-game information on in-game dangers.
  • Players are relying on the DM’s descriptions to understand the world, including its dangers and rewards.

(This isn’t an invitation to argue whether an exploration, frequent-PC-death play-style is good or not. That’s just background to the question.)

Related: How can I make my PCs flee?

Dangers of using TOR snowflake?

The TOR project has recently released a browser extension called snowflake which allows users in countries with heavy censorship to access websites which would otherwise be blocked using the connections of volunteers as proxies. They have stated –

There is no need to worry about which websites people are accessing through your proxy. Their visible browsing IP address will match their Tor exit node, not yours.

Which clears up one worry that most people would have with volunteering for such a project.

But are there any dangers for allowing your system to act as such a proxy ?

What are the dangers of renaming spells and changing their flavour, without changing mechanics at all?

I’m about to help get a bunch of interested new players into D&D, running a one-shot for them to give them a feel for the game and hopefully a fun first-taste of tabletop roleplaying.

Before starting, I’ve been asking them what kinds of things they want to get out of the game, and what their expectations are. In particular, as I’m going to pre-gen characters to simplify things, I’ve asked what kinds of character they find appealing.

However, the flavour of things that they want to play aren’t necessarily supported by the PHB – but at the same time I’d rather steer clear of homebrew as far as mechanics go. For example, one player who is interested in being “some kind of magic user that exploits darkness-like-effects”.

For an example spell: turn flaming sphere into a sphere of darkness that engulfs those it touches, absorbing the life straight from their skin. But it still does 2d6 fire damage.

I don’t plan to change damage types as this feels like a bigger can of worms. Fire-damage would still apply, but would be described as darkness eating into the target/wrapping round “like flames”. It would also mean that oil and flammable items would be affected in a similar way to fire.

That’s just one example though. Since I’d be doing this with more spells my question isn’t about one specific spell.

My question is: What dangers, if any, are there of renaming existing spells and changing their flavour text while using their existing mechanics?

Getting called from hidden caller ID, what are the dangers if I answer?

My girlfriend has been getting calls on her iPhone from a hidden caller ID for several days in a row now. She has not answered any of them because we figured it can’t be anything good if it’s hidden. However, as the calls are relentless, we are curious as to who or what it is about and she is thinking of answering the next call.

What could be the dangers of this and how bad of an idea is this?