I was looking through my spam folder, and there’s a 100% sure spam email, that asks me to confirm that I want to unsubscribe by clicking some big unsubscribe button. That button is simply a mailto: link, similar to the one below
There are no images in the email, so no pixel tracking.
What is the attack here?
Is the attacker’s hope that I would click on the mailto link, and then click send, and then they’d know that my email address is of a gullible person, so they’d better prioritize their real spamming resources, or is there more to it?
I find the above attack odd, because it puts quite some burden on the attacked. I need to ignore the fact that I never subscribed to require clicking on unsubscribe, then I need to click on Unsubscribe, then the mailto: protocol needs to be correctly associated with whatever I use for email, then I also need to click send, then the email client would ask me to confirm that I want to send a message without any content, then I would either confirm, or actually write some text in the content, and then the message would be sent, and the attack would be successful. That’s a lot of work and I can change my mind at any time in this process and the attack would be unsuccessful.
Can a mailto link be somehow exploited?
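An added example, not part of the original question: a small Python parser following the RFC 6068 `mailto:` syntax that shows what a link like the unsubscribe button described above would pre-fill in a mail client before anything is sent. The function name, sample links and addresses are constructed for illustration.

```python
from urllib.parse import unquote

def parse_mailto(uri):
    """Decode a mailto: URI into the fields a mail client would pre-fill."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "mailto":
        raise ValueError("not a mailto URI")
    # Header fields (subject, cc, body, ...) only start after the first '?'.
    addr_part, _, query = rest.partition("?")
    out = {"to": [], "cc": [], "bcc": [], "subject": "", "body": "",
           "other": {}, "notes": []}
    if "&" in addr_part or "=" in addr_part:
        out["notes"].append("'&' or '=' before '?': fields are not parsed "
                            "as headers and end up in the address part")
    # Commas separate addresses; percent-decoding happens after splitting.
    out["to"] = [unquote(a) for a in addr_part.split(",") if a]
    for field in filter(None, query.split("&")):
        name, _, value = field.partition("=")
        name, value = unquote(name).lower(), unquote(value)
        if name in ("to", "cc", "bcc"):
            out[name] += [a.strip() for a in value.split(",") if a.strip()]
        elif name in ("subject", "body"):
            out[name] = value
        else:
            out["other"][name] = value  # any other header the link sets
    return out

# Constructed sample links (not taken from the e-mail in the question).
SAMPLE = ("mailto:unsubscribe@example.com?subject=Unsubscribe"
          "&cc=list-owner@example.com&body=Please%20remove%20me")
MALFORMED = "mailto:a@example.com&subject=Hi"

if __name__ == "__main__":
    for link in (SAMPLE, MALFORMED):
        print(link)
        for key, value in parse_mailto(link).items():
            if value:
                print(f"  {key}: {value}")
```

Running it on a link copied from a message (rather than clicking it) lists every recipient, the subject and the body that the reply would carry.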
I have done some basic research on this topic, but didn’t come to a valid conclusion, as the resources were not from well-known or reputable sources.
Hypothesis 1: (Especially for residential users), people don’t use local mail programs (such as Outlook).
Hypothesis 2: When an e-mail link occurs, people will rather copy the e-mail and paste it in a browser e-mail message than use the Mailto option.
Hypothesis 3: The Mailto option will by default open e-mail software that is not configured, and cause user frustration.
Conclusion: The Mailto option should not be set as default on e-mail links, and should be provided with a redesigned replacement.
Any thoughts or ideas on this topic?
I am using the HTML tag for an email link:
<a href ="mailto:firstname.lastname@example.org">Entre em contato</a>
But it simply doesn’t open; nothing happens. My OS is Windows 7 Ultimate 32-bit, the email server is Thunderbird, and I have already tested it in Opera, Chrome and Explorer and none of them work.
I tested other URL link tags and they work normally.
I am trying to add a mailto link or button to a modern SharePoint Online page. I want it so that when the link is clicked, it will launch Microsoft Outlook or the email client. I have tried using the Quick Links web part, but it is not accepting the link (mailto:email@example.com). It seems to be expecting a link that must start with https://
I would like to know if there are other options I can use to achieve my goal.
Thanks in advance.
I’m using the SmartTemplate4 add-on for Thunderbird and I’m getting feedback which says that my club members cannot reply any more.
Before this add-on, I used a mailto section in the template of the emails I sent out, as below:
href="mailto:firstname.lastname@example.orgemail@example.com&subject=Next-Workshop&body=Yes,%20I%20will%20be%20attending.">click here to confirm attendance.
It worked perfectly for years, then I added SmartTemplate, and when the member clicks on it, they get as a reply:
Yes, class=’noWrite’>??20will hdr=’20be’ st4variable=’20be’ title=’20be’
I find it a wee bit obnoxious to see modern websites — even those with decent design — still using contact links that open a user’s email client without fair disclosure, be it a lack of microcopy or just the plain use of an email address as a link.
For example, visit https://www.coach.me and select the contact link in the footer, or go to Frank Chimero’s site http://ofanother.com/info/ and select “Work Inquiries” under the contact heading.
Now, I haven’t conducted formal research on the topic, but when I asked a half-dozen family, friends (and even an odd stranger at a coffee shop) about this issue, the sentiment was unanimous: “I hate it.”
What are your thoughts on why this is still a norm?