"Send this article to a friend" techniques

by "Louise Dade" <louise.dade(at)ntlworld.com>

 Date:  Wed, 20 Feb 2002 12:47:09 -0000
 To:  <hwg-techniques(at)mail.hwg.org>
 References: 
  todo: View Thread, Original
Hi,

I run the website (volunteer basis) for a local theatre and thought a nice
feature to add to the "What's On" pages would be a "Email these details to a
friend" function.

Imagine the scenario:

People looking for a good night out in their area. They come across a
production on our website and think: "Hey, this looks good, I'll send the
details to Friend X, Y and Z to see if they want to see it". The friends get
send an email from the website with the accurate (rather than
half-remembered the next day) details of the production and they all decide
to buy tickets.  Net result:  bums on seats.  (As to whether they enjoy the
production and wish to see more of them is, alas, beyond a web designer's
control -- of course, I'd LOVE to be able to run all the actors, directors
and crew through a validator first!!!)

I know people can use "Send as email" from their browser but a) not
everybody knows they can do that, b) it sends the whole page, HTML, images
and all... and personally I hate it when people send me whole webpages to
look at, and c) if they use the "send as link" option in the browser the
recipient may not bother to lookat it, whereas if the information is there
in the email in front of them, they will be more inclined to read it.

My worry, though, is that by having a web site form where visitors can enter
email address themselves will encourage spamming.  Even if the backend
script (Perl, that's all I can use on this server) is set only to process
forms submitted from the theatre's server (checking referrers) how can I
stop people entering lots of email address in the form and spamming people
USING my form - especially as the "From" address will also need to be typed
in by the user -- which means they only have to use the theatre's own email
address to fake spam from another source.

Yes, I'm looking at a worst case scenario:  Somebody maliciously (I'm trying
not even to think of one of the cast well-meaning, but misguided) entering a
bunch of emails into the "To" section (oh, I dunno... all the local papers,
pubs, clubs, social groups etc), and the theatre's email in the "From"
section, then sending.  It will look like the theatre is spamming people to
get more bums on seats.

Has anybody done something like this before.  How did you minimise the risk?
Should I not allow any personal messages to be added?  Or maybe limited the
size of the messages?  Maybe I should only allow people to send to one email
address at a time?  Or will that annoy people who wish to send to two or
more people? Should I abandon the idea altogether (although other web sites
have "send to a friend" feature)?

The URL in question: www.qmt.org.uk/whatson/   (the "email to a friend"
function would appear on the details page for each individual show)

Any ideas, suggestions, techniques will be appreciated.

Louise Dade
===============================================
www.classical-webdesigns.co.uk
www.classical-webdesigns.co.uk/falco/ - the Roman sleuth!
www.qmt.org.uk - The Queen Mother Theatre

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA