From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 21 Apr 1997 20:20:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: How to pick up email addresses from a feedback form??
In-Reply-To: <3.0.1.16.19970421165922.43e76ca4@pop.mindspring.com>
Message-ID: <4PeJ6D5w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


Thomas Porter <txporter@mindspring.com> writes:

> Greetings guru's.

Om shanti.

> I have a technical question:
>
> I am using a browser(Netscape 2.0.2 Win 3.1) to access a feedback form at
> www.aaa.com.

You should definitely get a newer version of Windows (or Linux) and a
newer version of Netscape, together with a few clues.

> I fill in my information and hit the submit button.
>
> I see the message "connecting to xxx.bbb.com" flash up on the status line
> before getting a 'done' message.

Do a 'view source' in your ancient netscape, and you'll probably see that
the submit button lives in a form whose action="http://xxx.bbb.com/some.cgi".

> xxx.bbb.com is _not_ a web hosting service for www.aaa.com.  I do a 'whois'
> on www.aaa.com and contact the tech admin who can duplicate this and is
> very concerned that information from his forms may be routed to xxx.bbb.com.

Is it "his" form? On a big site, the domain contact is likely to have no
clue about _all_ the web pages on their site.

...
> Is there another way to do this?  Could a third-party spammer, for example,
> capture email addresses posted to such a form?

That's a keeper.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps