I work in a company where we sent many offer newsletters a week.
When the offer time has passed we replace some of the images of the newsletter so that it is clear the offer has ended.
Lets say that we have an image of the product and of course it has a link to our website. Apart from changing the image with the word "Ended" , is it possible to disable the link as well?
I know it might not sound possible, but wondering if there is way.
Thanks for your time.
Related
I have a cool flutter app which is used to track staff attendance. A user can check-in and check out when they start/stop working and the app record that event, calculate the number of hours worked and send a weekly summary to the manager of the staff expected wages. The current problem is that some staff members forget to check out (everyone is ok with check-in) so we don’t have good numbers and we need to manually change the attendance. I would like to add something to remember them to check out, and I am looking for creative ideas to do so. My objective is to make something very affordable.
So far I thought about two options:
to use geolocation and track when staff get in/out of a certain location and log it as check-in and check out
to set a timer when they start the shift and send a local notification if after xx hours they have not done the checkout
Geolocation seems to be the best because I can even automate the checkin/check out and do it in the backend but it will consme lots of resources in the client because I would need to check their location every while even when their at at home or on holiday...
The timer has some limits and still, I would need to manage background tasks that are complex as well as imprecise checkout depengin on when the notification goes out.
Do you have any suggestions on anything simple to implement?
I would suggest the second option.
A simple scheduler which would look for all the employees who are checked in for more than x number of hours and then throw a clickable notification to checkout. It would be an easy and clean solution. However, it has several limitations as an employee might leave early but checkout later.
In my opinion, Your most clean solution would be to have an RFID/NFC check which automatically registers as a user checks out from the building.
Another thing that can be done if your employees are working mostly on their computers. There can be a browser extension or a web app which will clock in the time they are working on their laptops. Once they close it they will be automatically checked out.
My current honey pot on my registration form is an entry for phone number which is placed off screen using position: fixed;.
It tricked a standard breed form filler, but doesn't work as well as I though. Also, the spambots immediately responded to changes in the form, meaning that this is automatic, what can I do.
Note: I hate captchs since the make they users solve my problems which is never good.
Build a really smart honeypot
That may seem obvious, but here are a few tricks(Details later):
Think Like a spam bot
Assume that they are able to know what is on screen or behind other elements
have multiple traps.
Time Trap
Honey pot
1. Think like a spam bot:
Start going through your page like a spam bot, You can even write your own which can waist time but is quite fun :).
Most spam bots will crawl through the markup looking for a <form> element. Then they will look at your inputs and fill them in appropriately, which is the catch: how do they know what to fill in. They will prbably look at the Id, class, placeholder, and label. which brings us to our first method
Method #1:
Mis label inputs in your form code. Bascily your username input should have the Id of #Form_Email boom! spam bot fills out form incorrectly. Also hide and mislabel your inputs labels, use divs instead.*
Method #2 starts here
You've probably noticed that if you simply ignore hidden stuff, based on location what is in front of it and even the good old display: none;,visibility: hidden;,opacity: 0; or type='hidden'. This gives us a powerful weapon. I discovered this by accident while testing a time trap. I used a basic form filler to fill the form. On my site(I'm not talking about GiantCowFilms.com), the register form is in a dialog that opens when a user clicks a register button. By default it is hidden. This gave me an idea for
Method #2
Default: form is hidden. Basically, your form is hidden on page load, but is uncovered by some mouse based action(I don't think bots have mouses). If you wan't your form to be visible on page load, add a I identical decoy one which is above the real one in the markup.If the bot fills in and submits it, block its Ip for a few minuets.** For really users, simply when the mouse hovers over the decoy form, switch them around.
2. Assume that they know what your page looks like
Assuming that hiding honeypot with CSS is perfect is a grave mistake. Their are a lot of super smart screen readers like JAWS that could be repurposed for spaming. That is why you have multiple lines of defense.
3. Have multiple traps
Time Traps:
Going back to thinking like a bot, would you wan't to wait on a site instead of attacking others?
Method #3:Create a time trap.
The best way is to print a time in a hidden input when the page loads. when you submit the form, it tells you how long it took. Fill the form as fast as you can. That should be the minimum amount of time to fill your for.Note: encrypt your time stamp so bots cannot change it. If you wan't to get really fancy, measure the WPM of the bot typing. This is done on stack exchange( try copy and pasting then submitting and question/answer). Also if the rate of typing is very consistent, that is a red flag.
Honeypots (Method #4):
Use all of the above at once for best results. Make sure to trick dumb bots as well as smart bots (don't assume the bot is always trying hard.).
Now, in order to spam us, bots will have to have cursors, render the page, wait, type at a variable realist speed. If they make a bot like that, Then I guess it'll be Captcha time :(.
*People using screen readers will trigger or be confused by these defenses, and depending on your country you could get into trouble for discriminating against blind to semi-blind people. Therefor, when a user triggers the bot test, take them to a non loaded form with a disability friendly captcha like reCaptcha.
**People often share Ips and you can chase away valid users.
P.S. Use simple honey pots like you already have. Some bots are just too dumb to get tricked by what we have here.
For years, I've used my own 'form spammer trap' that uses a variety of techniques to block spambots. The most effective is to obscure fields (especially the form's 'action') for a short time period. Since the bot scrapes your form for the fields, and the 'action' page, and uses that info to "CURL" your form data, putting false info in those areas will fool just about all spambots.
After a timeout (JS-based), the obscured values are replaced with their actual values. By the time that happens, the spambot has moved onto another target, and using the bogus values will fail.
I've developed this whole process into a free solution available at my "Form Spammer Trap" site https://www.FormSpammerTrap.com . That site has been around for years, and the contact form there has yet to be successfully 'spam-botted'. (You bots are welcome to try.)
To implement in your site, you add one 'include' and three functions. And you can customize the form with some advanced techniques.
For those that are interested in how a spambot works, and why common 'tricks' such as hidden fields don't work, see here: https://www.securitydawg.com/how-bots-spam-contact-forms/ .
My 'FormSpammerTrap' solution is free (PHP-based), and is available via the Contact form (just check the box to get the free code). No obligations; I don't even save your email address.
But it is quite effective. IMHO.
Added 21 Jun 2020
The "FormSpammerTrap" solution is still around, and has had significant updates over the years. The latest version allows a lot more (and easier) customization of the form, although the basic use only requires one customization entry. The documentation is greatly improved.
And I am working on version 9, which will add even more customization. It should be released in a couple of weeks.
The https://www.FormSpammerTrap.com site has full details of the latest version, how it work, and a link to a blog entry I wrote about how form spammers work (and how they can be blocked).
And it is still free - just fill out the contact form on the site and check the box and get it immediately, with full documentation and samples. It's fully guaranteed or your money back! (well, it is free...)
(And thanks for the upvote. )
Added July 2022
The program is now up to version 15, with version 16 in the works. There are tons of new features, but the process still works - it blocks all bot attempts on a contact form. Take a look at the changelog on the web site.
And, it's still free.
is there are program or script or anything that will make my email client/webmail to open webpage links from newly received emails automatically?
If someone knows or can make a add-on for thunderbird or make this to work I don't mind paying. Just I need links that are in emails I receive to be automatically opened in default internet browser tabs.
All I can say is I very very much doubt it. If there ever was one created it would most probably be removed by most download source providers as there is a fairly huge security risk there.
Additionally, aside from the security factor you have a simple load factor to account for. I regularly make newsletters for clients, each with a link to a text version, a online version, a link for the logo and so forth... So if you did have such a plugin you would also open these links, which seams crazy. Additionally, remember the Unsubscribe link for emails, on some you are asked to confirm on others you click(/open), your taken off. Which would be very undesired.
I do understand you probably have a reason X for doing this, like because its a in house email system which creates reports and it does this and does that etc. I think most people here do understand there are sometimes very odd usage cases for things, but I don't think anyone will be able to assist you here, sorry!
I'm doing a small newsletter software for my business, and I'm wondering what metrics should I collect. Obviously, bounces and clicks should be tracked, but I'm wondering should I track email opens (via an image or a bgsound element)?
Do popular webmail services and ISPs check for tracking images and possibly increase my spam score? I guess if it increases the chances of ending up in a spam filter, I'd rather not collect that metric.
Thanks.
It's generally bad form to try to track your users in that way. Email opens are a private thing.
If you have an image with a unique URL per message, yes you can track it, but IMO, you really shouldn't. Including unnecessary images in an email is bad for a number of reasons:
Images can increase your spam score. There's a time and place for images. They can improve a message, but used inappropriately, they can look spammy.
It is obvious what you are doing. Sooner or later, one of your customers is likely to get wise to it. Some people won't care; others will feel violated.
It's REALLY unreliable. Most email clients and webmails feature an option to block images by default. You will get massively understated results.
Also remember, some people open an email immediately before they click the "delete" button. You are much better off tracking clicks.
There may be some merit in tracking the images you want to include anyway, but I'd not treat it as anything more than a very basic indicator.
As always it depends on the individual ISP and Webmail services. However, I can share some anecdotal evidence: I periodically use mailchimp to send out mass email notifications, and email opens are tracked in mailchimp using the same approach you mentioned (See following link for reference: http://kb.mailchimp.com/reports/about-open-tracking). I never experienced any issues with ending up in the spam folder, I have only had challenges with bounce backs and ending up in the Gmail promotions tab.
So based on the fact that some companies are already doing this, I have to say it probably won't increase your spam score.
Most services offered online today that claim to "track" e-mails, do so by embedding images in the emails. My questions are:
Is this the only way to do it and if not, what are the other methods?
Are any of the methods actually fool-proof?
Has anybody had any luck with specific software or even an online group?
Yes, this is pretty much the only way to do it. Consider that an email is something that is inherently static. The only way to know if someone has "opened" an email is for the email to send some information back to your server. Most email clients these days support HTML emails, which means that you can get the client to request an image (or anything else) from your server by embedding the proper HTML tags. Other than this, you cannot force an email client to do anything it doesn't want to do. It's a separate program on a remote computer, and you have no control over it.
No, there's no foolproof way. There will always be emails you can't track. If someone downloads their email and disconnects from the internet before reading it, you can't track that email. Most email clients allow you to disable image loading now as well if you want to, so that can block tracking too.
I've usually written my own, so I wouldn't know what to recommend. I imagine most services will be quite similar, so I'd base a product/purchase decision on how easy their front-end is to use.
In addition to pixel tracking, a second way to track open rates is by looking for clickthroughs. If someone clicked through, then they must have opened it. This is infrequent, but it's important not to throw this data away.
More details:
How MailChimp tracks open rates
How CampaignMonitor tracks open rates
Wikipedia on email open rates
Hubspot on open rate issues
Facebook uses a bgsound element in addition to an img element like this:
<img src="http://www.facebook.com/email_open_log_pic.php?mid=999999999999"
style="border:0;width:1px;height:1px;" />
<bgsound src="http://www.facebook.com/email_open_log_pic.php?mid=99999999999&s=a"
volume="-10000" />
This is the best way, and it's hardly ideal - many e-mail clients block images to start with.
No, no methods are foolproof. A foolproof method of detecting if someone had read an e-mail would be a significant privacy issue.
I've used ExactTarget and CampaignMonitor's tracking systems. Both worked pretty well for tracking trends - i.e. twice as many people opened e-mail #1 than #2 - but you never know how many missed opens there are due to images not being shown.
Pixel tracking is the only way to track open rates. Then the links in your emails are also tracked through a redirect service for click rates. Absolutely nothing is going to be foolproof. You will have to use some guess work to figure out your actual open rate since some email clients will only take the text version and not the html and also some clients do not load images by default.
SilverPop is a popular one. They actually use PowerMTA on the back-end. Our company just ended up licensing PowerMTA and writing our own front-end and tracking.
No it's not the only way. Your HTML e-mail can refer to a web server for 'some content' which is then tracked. That could be an image, a stylesheet, some Javascript, etc. Most mail clients hate it and nothing automated is guaranteed to work.
Gain the trust of your recipient and invite them to your website. Track clicks.