Re: "Send to a friend" techniques - a summary

Thank you for all your responses.  It would appear that the "send to a
friend" feature on websites is a controversial one.

Here is a summary of what people have said on and off list - with my
comments added.

1. Don't Do It.  It's seen as a way of collecting emails for spamming
purposes. [Josh Bernard and Mike Taylor]

Real Life Example:
    > Yep, where I work, they specifically asked me to set an e-mail a
friend
    > type of project specifically to gather e-mail addresses, despite my
    > protests.
     [Quoted from Mike Taylor]

Comment:
Well now, it seems that this is a case where spammers have spoilt it for the
rest of us by ensuring users no longer trust such features even if the
website in question is it innocently.

The Theatre is a well known entity in our local area, and people trust it.
Therefore, I would hope that people would trust us with their emails on the
website.  There would be a note in the "Privacy" section saying that we do
not keep their email addresses and that the form is safe to use.

2.  Give users instructions on how to send the page with the browser [Josh
Bernard]

Comment:
Yeah, but then I'd need instructions for all types of browser.  In the past
month alone the following browsers have been used:  IE, Netscape (including
a version 3!!!), AOL, Opera and Lynx.  Also, it strikes me a tad amateurish
for the professional feel the Theatre wishes to create.  In some
circumstances instructions are enough, but not in this circumstance.

3. Netiquette lessons for the Theatre? [Collette McNeill]

Comment:
Certainly I can send out a note in the Theatre's newsletter (dead-tree
wasting newsletter, alas) about the form, it's purpose and what not to use
it for.

4.  Validation of form fields and backend domain validation [Mike Taylor]

Comment:
Yes, naturally any script I wrote would include validation of all the form
fields.  I don't have access to the server itself - it is a hosted website.
All I can do is run CGI scripts.  The script would use sendmail.  Of course
the limitation is that it is possible to enter a perfectly valid by fake
email address -- (fake in a "made up" sense and fake in a "not really my
email address, I'm just stealing it for my nefarious purposes" sense).

5.  Tracking users with environmentals  [Collette McNeill] and use referers.
[cbirds(at)earthlink.net]

Comment:
I can certainly keep a track of environmentals.  If a particular domain
appears a little too regularly I can ban it (how does this work with
dynamic, or shared, IPs?).

I can also add a footnote to the emails that are sent saying that it's not
been sent by the Theatre, and that if the recipient feels they have been
sent it as spam, to forward the entire email to the Theatre who will then
investigate the user who sent the email to the recipeint.

Similarly, last night it occured to me that I can ban certain email
addresses.  If I don't want people to use the Theatre's own email address in
the "from" field, I can specifically block it in the script -- so that
anything that matches "*(at)qmt.org.uk" will thow up an error.

I always add a referer to any script to stop it being used outside my
domain.

6.  Only allow space for one email address. [cbirds(at)earthlink.net]

Comment:
OK, this was what I was unsure of.  Whether to go for user-friendly and
allow more than one address, or play-it-safe and only allow one at a time.
I have seen both methods used in my trawls across the web.  I think I'll off
with one at a time for now.  If the features takes off, I'll consider
expanding it to three or four friend emails.

7.  Newspapers WANT to be sent information.  [Collette McNeill]

Comment:
Yes, you're right, I don't mean that we didn't want them being sent the info
in the normal course of publicity, just that we don't want them being
repeatedly sent the same thing.  The little netiquette lesson and the
blocking of qmt.org.uk domain "From" addresses will help ensure that the
Theatre itself doesn't abuse the system.  Oh and of course I trust those
Theatre types -- one of them is my sister, and my mum helps them out too
(that's why I do the web site)!!!  I was just looking at the worst case
scenario.

8.  Some resources.

Thanks to the people who sent me script/code resources.  I'm sorry, but I
should have said in my original email that I don't actually need code, I can
write the script in Perl no problem.  It was nice of you to send me links,
anyway, thank you.  I include them here for completeness and in case anybody
else needs these links in the future.

- A Script Repository:
http://cgi.resourceindex.com/Programs_and_Scripts/Perl/Website_Promotion/Rec
ommend_Site/
[from Christie Cooksey]

- A Specific Program (no rating about how effective it is):
http://willmaster.com/master/webpagemailer/index.shtml
[from Val Dragu]

- A JavaScript Solution in Action (if server-side scripting can't be used)
http://www.westernracingleague.com/home.html
> View the source in the header as well as the body.
[from Kevin Bayley]

Thanks again to everybody. I'm definitely going to add the feature and
employ some of the suggestions offered.  If it gets abused, I can always
shut it down.

Louise Dade
===============================================
www.classical-webdesigns.co.uk
www.classical-webdesigns.co.uk/falco/ - the Roman sleuth!
www.qmt.org.uk - The Queen Mother Theatre

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA