Forum OpenACS Development: Spam prevention and OpenACS design?
Still, in prior OpenACS releases, the implementation was left up to each page designer, and there were some leaks. For example, within the SDM, I believe that unregistered visitors can determine the email addresses of each package owner. (Log out, and then visit https://openacs.org/sdm/package-releases.tcl?package_id=2)
Is there any support in OpenACS 4 for displaying email addresses only under appropriate circumstances? The solution that comes to mind would be some sort of OpenACS routine that a developer would call whenever for any email address to be displayed, and that routine would determine if it's appropriate for the email address to be displayed, and if not, mangle it for the circumstance.
In the case of an unregistered visitor, the email address can be smushed to an empty string. At other times, the email address might be displayed as a text string and not as a mailto: link.
For sites very sensitive to the issue, email addresses might never be revealed, but each email address might be displayed as a form button that allows registered users to send an email to recipient via a web form and a smop. In that case, one registered user might never know the actual email address of the actual other registered user being sent mail, and yet, the mail could still get through.
Is there anything within OpenACS 4 that helps out now, and/or is this an interesting feature to think about for future incarnations?
your point is very good. Google for example indexes the profile pages so they are already going around it. check: Googles searching for my name. The third or forth appeareance is the openacs profile.
One way would be to warn the administrator that emails have been left to the open. Maybe then by default turn on the internal mail form