 

Email addresses inside URL

Is it safe to use e-mail addresses inside URLs? I mean, let's say a web application has a registered user "Bob", and Bob registered using his e-mail => [email protected]. Now, in your opinion, is it safe for the application to accept and work with GET requests on //application.com/[email protected], and the same kind of URLs for every user?

Kostas asked Dec 05 '13 12:12





1 Answer

Basically, it depends on whether you love or hate your users. When you do what you suggest, these URLs will spread across HTML pages on the web, and not necessarily confined to your own site, because people may link to them.

When your page gains enough traction to become important, the authors of spam crawlers will notice and add rules to their crawlers to extract the e-mail address from the URLs. It might not even be necessary, because some dumb regexes might already find the e-mail without adaptation.

Then your users' e-mail addresses will land on spammers' lists and receive "unwanted adverts", euphemistically speaking. (These e-mail lists will be rather high-value, too, because the addresses are "verified" to be real, existing ones.)

What you're doing here is giving away a private piece of identification your users trusted you with. Never ever allow that to be public, unless your users told you so!

From a technical perspective, you can just go for it.

Boldewyn answered Oct 17 '22 22:10

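The harvesting the answer above describes, and the usual way around it, as an added example that is not part of the original question or answer. The first half is the kind of naive regex a spam crawler might run over a page's links; it catches the address whether it appears raw in the path, percent-encoded as `%40`, or in a query string. The second half is one alternative the answer implies but does not spell out: give each user a random, opaque handle and put only that in the URL, so the address never leaves the server. The sample HTML, the `application.com` URLs and the `UserDirectory` class are all constructed for this illustration and are not from the page.

```python
import re
import secrets
from urllib.parse import unquote, urlparse

# Constructed sample page: three links that carry an e-mail address in
# different encodings, and one that uses an opaque handle instead.
SAMPLE_HTML = """
<a href="https://application.com/user/bob@example.com">Bob</a>
<a href="https://application.com/user/alice%40example.org/posts">Alice</a>
<a href="https://application.com/profile?email=carol%40example.net">Carol</a>
<a href="https://application.com/u/8f1c2e4d9a7b3c5d">Opaque link</a>
"""

# The sort of "dumb regex" a harvesting bot uses; nothing exotic is needed.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HREF_RE = re.compile(r'href="([^"]+)"')


def harvest_emails(html: str) -> list:
    """Pull e-mail addresses out of every href on a page, crawler-style.

    Percent-decoding each link first is all it takes to also catch the
    "%40"-encoded variants, so encoding the address is no protection.
    """
    found = []
    for href in HREF_RE.findall(html):
        for address in EMAIL_RE.findall(unquote(href)):
            if address not in found:
                found.append(address)
    return found


class UserDirectory:
    """Hypothetical server-side mapping from users to opaque URL handles.

    The handle is random (96 bits from secrets.token_urlsafe), so it neither
    reveals the address nor lets a crawler enumerate users by counting up.
    """

    def __init__(self):
        self._by_handle = {}
        self._by_email = {}

    def register(self, email: str) -> str:
        """Return the handle for an address, creating one on first sight."""
        email = email.lower()
        if email not in self._by_email:
            handle = secrets.token_urlsafe(12)
            self._by_handle[handle] = email
            self._by_email[email] = handle
        return self._by_email[email]

    def profile_url(self, email: str) -> str:
        """Build the public URL for a user; only the handle appears in it."""
        return f"https://application.com/u/{self.register(email)}"

    def resolve(self, url: str):
        """Look up the address behind a profile URL (None if unknown)."""
        handle = urlparse(url).path.rsplit("/", 1)[-1]
        return self._by_handle.get(handle)


if __name__ == "__main__":
    print("harvested from sample page:", harvest_emails(SAMPLE_HTML))
    directory = UserDirectory()
    url = directory.profile_url("bob@example.com")
    print("opaque profile URL:", url)
    print("harvested from opaque URL:", harvest_emails(f'<a href="{url}">Bob</a>'))
    print("server resolves it back to:", directory.resolve(url))
```

The opaque handle can be linked to, bookmarked and crawled freely without exposing the address; the address-to-handle table stays inside the application, which is where the answer says that private bit of identification belongs. A database primary key would also keep the address out of the URL, but a sequential integer lets anyone walk the whole user list, which is why the example uses a random token.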