• Resolved digbymaass

    (@digbymaass)


    You have no right to send emails to people whose email addresses happen not to be encoded for some reason by your plugin, which we actually use, and which invites admins to use your page scanner.

    I have just received this which you sent to someone whose email address appears on our site.

    Recently, you or someone on your team scanned the domain carnethy.com for unprotected email addresses using the page scanner on my website <https://encoder.till.im?utm_source=email-reminder&utm_medium=email>.

    This is a friendly reminder that your email address [email protected] is still listed on carnethy.com and is not protected from email-harvesting robots — which is exactly how I was able to send you this email.

    This is absolutely unacceptable. By all means alert the site’s admin; don’t spam anyone else.

    The reason the email address is uncoded is because I didn’t make it a mailto: link and just inserted it as text. This is the mistake you should have pointed out to me, the admin, not the recipient.

    • This topic was modified 6 years ago by digbymaass.
Viewing 15 replies - 1 through 15 (of 15 total)
  • Thread Starter digbymaass

    (@digbymaass)

    Further investigation reveals that the email address in question is encoded by your plugin on the page in question – https://carnethy.com/carnethy-organised-races/scottish-long-coastal-relays/ but the encoding is defeated by the Facebook Open Graph text in the head, which has rendered it in plain text.

    I suppose this will have happened on many other pages. I await further responses from people you have informed.

    Plugin Author Till Krüss

    (@tillkruess)

    I’m sorry to hear that you don’t appreciate the warning, most people do.

    Like the email says, it’s a one-time-only courtesy message.

    If you want to encode email addresses in your header, such as open graph tags, you can follow this guide to manually encode them, or upgrade to the premium version.

    Thread Starter digbymaass

    (@digbymaass)

    I don’t think you understand.

    I don’t appreciate the email address recipients receiving a warning. The one quoted was sent to someone (not an admin or creator of the page) who then asked me what he should do about it.

    I would welcome a warning to me, the site admin.

    You have spammed who knows how many email address owners without telling me, the administrator.

    • This reply was modified 6 years ago by digbymaass.
    Plugin Author Till Krüss

    (@tillkruess)

    There is sadly no way for me to find out the admin’s email, but I’ll add an opt-in to the scanner to avoid this happening in the future.

    CarolKn

    (@carolkn)

    We also received notification from one of our email address recipients complaining about being contacted directly. If someone is logged in as an admin and clicking the Open Page Scanner button, then they could also have the option to have all notifications go to the WP admin (or some other email address) instead of emails contained within content that could belong to recipients with no technical expertise and/or a relationship with the website admin or owner that would make such communication unacceptable.

    Thread Starter digbymaass

    (@digbymaass)

    Yes. It’s very embarrassing for us site creators/admins. I also wonder if it’s illegal. GDPR and all that. In our case the email addresses were only visible in the page source, not openly public. There was no indication that email addresses would be harvested – ie I did not give permission for them to be harvested.

    The recipients of these ‘friendly warnings’ would have no idea as to what this was all about, and unless someone contacted me, I would not know this had happened.

    Very unsatisfactory.

    • This reply was modified 6 years ago by digbymaass.
    Plugin Author Till Krüss

    (@tillkruess)

    @carolkn: Thanks for your suggestion. The next version will include a similar opt-in process to get notified.

    Also, the “automatic emails” have been replaced by an opt-in form on encoder.till.im/scanner, so you won’t receive any further warnings by email.

    Thread Starter digbymaass

    (@digbymaass)

    Actually nobody needs to be contacted by email, and shouldn’t be. It’s an online tool and like all such tools the result should just be shown on screen. The person initiating the search is the only person interested in the result. Emailing the email address recipients is simply pointless.

    Digbymaass — Thank you very much for this post!! I was going to install this plugin, but after reading about these issues, will certainly stay away.

    Thread Starter digbymaass

    (@digbymaass)

    Just don’t use the page scanner and it won’t happen. In any case, the overlords of WordPress have said that email encoders aren’t effective. Being a total sceptic I’m torn between not believing them and thinking anything’s better than nothing. At the moment we still use it, but it’s totally defeated by the OpenGraph plugin rendering the email addresses as normal text in the OG tags. Bah.

    Plugin Author Till Krüss

    (@tillkruess)

    @chuckzwood: This has been resolved and the notification emails are now opt-in only.

    @digbymaass: You can encode email addresses in open graph tags as well. If you’re using Jetpack, for example, it would look like this:

    
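    // Run every Jetpack open graph tag value through the plugin's encoder.
    // Priority 100 runs this after earlier callbacks on the same filter.
    add_filter( 'jetpack_open_graph_tags', function ( $tags ) {
        return array_map( function ( $tag ) {
            return eae_encode_emails( $tag );
        }, $tags );
    }, 100 );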
    
    Thread Starter digbymaass

    (@digbymaass)

    We don’t use Jetpack but we do use the plugin ‘Open Graph for Facebook, Google+ and Twitter Card Tags’. Don’t suppose you would know how to encode OG tags using this?

    Plugin Author Till Krüss

    (@tillkruess)

    Tricky, their codebase is quite messy. Try this, but make sure it doesn’t break any open graph tags.

    
    // Encode email addresses in the generated open graph markup.
    add_filter( 'fb_og_output', function ( $html ) {
        return eae_encode_emails( $html );
    }, 100 );
    
    Thread Starter digbymaass

    (@digbymaass)

    That worked! I’m impressed! Can you explain it?

    • This reply was modified 5 years, 11 months ago by digbymaass.
    Plugin Author Till Krüss

    (@tillkruess)

    Sure, fb_og_output is a filter used by the “Open Graph for …” plugin that allows you to change the generated open graph tags.

    For example, if you used the code below, no OG tags would show up.

    
    add_filter( 'fb_og_output', '__return_empty_string' );
    

    What we’re doing is running the eae_encode_emails() function provided by this plugin over the open graph tags and obfuscating emails.

    Does that help?
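
A way to check the problem this thread describes, where an address is encoded in the page body but left readable in the head's meta tags. This is an added example, not part of the thread or the plugin's code. It assumes the protection takes the form of HTML character entities; `audit_meta_emails`, `_entities` and the sample page are constructed for illustration.

```python
import html
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
META_RE = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r'([\w:-]+)\s*=\s*"([^"]*)"')


def audit_meta_emails(page_source):
    """Return (tag name, address, status) for each address found in a <meta> tag.

    status is "plaintext" when the address is readable in the raw source and
    "encoded" when it only appears after HTML entities are decoded.
    """
    findings = []
    for tag in META_RE.findall(page_source):
        attrs = {key.lower(): value for key, value in ATTR_RE.findall(tag)}
        name = attrs.get("property") or attrs.get("name") or "?"
        raw = attrs.get("content", "")
        exposed = set(EMAIL_RE.findall(raw))
        # Decoding the entities shows what a browser (or a parser) ends up with.
        for address in EMAIL_RE.findall(html.unescape(raw)):
            status = "plaintext" if address in exposed else "encoded"
            findings.append((name, address, status))
    return findings


def _entities(text):
    # Constructed stand-in for entity encoding: every character as a decimal entity.
    return "".join(f"&#{ord(ch)};" for ch in text)


# Constructed sample: the same address leaks through og:description but is
# entity-encoded in the ordinary description tag.
SAMPLE_PAGE = f"""<html><head>
<meta property="og:title" content="Coastal relays" />
<meta property="og:description" content="Entries to races@example.org by May" />
<meta name="description" content="Entries to {_entities('races@example.org')} by May" />
</head><body>...</body></html>"""

if __name__ == "__main__":
    for name, address, status in audit_meta_emails(SAMPLE_PAGE):
        print(f"{status:9}  {name:16}  {address}")
```

Run it against the saved source of your own pages before and after adding the filter; any row marked "plaintext" is a tag the encoder did not reach.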

  • The topic ‘Do not spam our email addresses’ is closed to new replies.