How to stop e-mail clients from visiting links in

2020-07-24 04:40发布

问题:

I have a PHP script that sends out plain-text e-mails which contain links to certain actions like confirmations and agreements etc.

What I have noticed is that the Web version of Outlook will automatically detect the link and visit the link in the background before the user clicks on it. I've noticed this because as soon as I open my e-mail, stuff changes in the database. Also checking the Apache access log, I see BingPreview/1.0b as the user agent.

This is very bad as the user may not want to perform these actions.

Are there e-mail headers that I can send to disable this behavior? Suggestions?

回答1:

As I wrote in comments:

"You could use some form of input button and a checkbox all set in conditional statements. Those can't physically be clicked/checked."

Side note correction: I made a slight grammar mistake. That should have read as:

"You could use some form of input button and a checkbox all set in conditional statements. Those can't virtually be clicked/checked, and must be physically done by a real person."

Even Google recommends using a checkbox.

  • https://support.google.com/mail/answer/81126?hl=en

Under "Subscription":

"By manually checking a box on a web form, or within a piece of software."

and

"Setting a checkbox on a web form or within a piece of software to subscribe all users by default (requiring users to explicitly opt-out of mailings)."

Additionally, you could use a reCAPTCHA:

  • https://www.google.com/recaptcha/intro/

Here's another article on Google and checkboxes; even though it's "spam-related", the same logic applies:

  • http://blogs.findlaw.com/technologist/2014/12/google-replaces-annoying-anti-spam-captcha-with-checkbox-kittens.html

Pulled from that article:

"Google introduced a better solution this week: the "No CAPTCHA reCAPTCHA," which we'll refer to as "checkboxes and kittens."

and

"That's it. A checkbox. "I'm not a robot." Though Google doesn't go into detail on the magic behind the box, the blog post announcing the change said that a "risk analysis engine" measures how a user interacts with a page, and with the CAPTCHA, to tell if anything more than a simple checkbox is necessary. If you're detected as a human, you check a box and hit submit."

All this set inside conditional statements to check if a submit button was clicked and the checkbox is set, using name attributes for each.

I.e.:

<form action="handler.php" method="post">

    <input type="checkbox" value="XX" name="checkbox_x">
    <input type="submit" name="submit_button">

</form>

<?php 
    if(isset($_POST['submit_button'])){

        if(isset($_POST['checkbox_x'])){

        // Do your thing
        // Additionally, you could place GET array(s) if they're being used
        // and also check to see if any are set and not empty.

        }


    }
?>

Sidenote: You could also check if a checkbox is equal to something in addition to the above using the && (AND) logical operator.

Example: && $_POST['checkbox_x'] == 'XX'.

You could also have look at this Q&A on Stack:

  • Checkbox as alternative to captcha?

where a honeypost was suggested and a few other suggestions.

The following was pulled from your deleted answer.

Reference:

  • http://south634.com/is-hotmail-clicking-your-account-confirmation-links/

"One thing you could do is, set your .htaccess to block the BingPreview user agent from accessing your signup and password reset paths (Your paths may differ from this example)::

RewriteEngine On
RewriteCond %{REQUEST_URI} /signup/confirm/ [OR]
RewriteCond %{REQUEST_URI} /resetting/reset/ 
RewriteCond %{HTTP_USER_AGENT} BingPreview
RewriteRule . - [F,L]

"This will stop the BingPreview crawler, but I feel like it is an incomplete solution. You can block as many annoying user agents here as you want, but do you really want to spend all your time hunting down which email providers are providing similar link previews in their emails?"



标签: php email bing