mailto

The mailto URI scheme, as registered with the Internet Assigned Numbers Authority (IANA), defines the scheme for Simple Mail Transfer Protocol (SMTP) email addresses. It allows users clicking a link in a website to send an e-mail without first having to copy the destination e-mail address and open an e-mail client. Though its use is not strictly defined, URLs of this form are intended to be used to open the new message window of the user's email client when the URL is activated, with the address as defined by the URL in the "To:" field. [1] [2] [3] [4]

Examples

Using "mailto" within a HTML document to generate a link for sending email:

<a href="mailto:someone@example.com">Send email</a>

It is also possible to specify initial values for headers (e.g. subject, cc, etc.) and message body in the URL. Blanks, carriage returns, and linefeeds cannot be embedded but must be percent-encoded.

<a href="mailto:someone@example.com?subject=This%20is%20the%20subject&cc=someone_else@example.com&body=This%20is%20the%20body">Send email</a>

Multiple addresses can also be specified:[5]

<a href="mailto:someone@example.com,someoneelse@example.com">Send email</a>

The address can also be omitted:

<a href="mailto:?to=&subject=mailto%20with%20examples&body=http://en.wikipedia.org/wiki/Mailto">Share this knowledge...</a>

The complete set of values and syntax with examples are listed in RFC-6068.

Malfunctions

Mailto clickable links do not always function correctly for the site visitor. The software mechanism activated by the link requires that a default email client or webmail-service be established on the computer or in the browser. Not all web browsers, such as Internet Explorer, have the capability to configure a webmail service for this purpose, but only support local email client software. Others, such as Opera, Firefox, and Chrome, do have support for both variants.

Additionally, if no email client or webmail service has been explicitly established to act as the default, one may still exist if an email client was pre-installed by the computer vendor but never used or configured by the user. In this case, upon clicking a mailto link, the user will be subjected to a volley of technical questions by the unconfigured email client.

Security and privacy

See also: Address munging

A number of security issues are mentioned in RFC2368, however the greatest concern is that of robotic address harvesting. Mailto constructs are locatable within HTML pages by automated means which typically include the use of DOM constructs or regular expressions. Addresses harvested by such means are liable to be added to spammers' mass-mailing lists and thus to receive large amounts of unwanted mail.

While methods exist to "harden" mailto links against harvesting—address munging and JavaScript-based address obfuscation among them—these protections can be circumvented by sufficiently sophisticated harvesting robots. Other techniques, like walling the address behind a CAPTCHA or similar "humanity check", provide security on par with that available for other contact methods, most notably web forms, which experience similar challenges with preventing spam.[6]

References

  1. Kyrnin, Jennifer. "The Mailto Command". About.com Web Design/HTML. Retrieved December 9, 2012.
  2. RFC 2368 (Jul 1998) : by Paul Hoffman discusses operation of the "mailto" URL in chapter 3 (superseded by RFC 6068).
  3. RFC 6068 (Oct 2010) : replaces RFC 2368 (changes are mentioned in chapter 9).
  4. Description of mailto syntax
  5. "RFC 2368 The mailto URL scheme". Retrieved 31 January 2014.
  6. http://ostermiller.org/contactform/spam.html