Hi,
We’ve made some simple html-pages which include a form for inserting data. When the user clicks submit, the form is supposed to be sent by e-mail to a specific e-mail account. This solution is used by some clients of ours to report data into an applicaton, even if the user is off-site on a ship,
offshore, or similar.
To implement these html-pages, we’ve used the mailto protocol in conjunction with the form tag. Something like this:
<form method="post" action="mailto:dude@theinternet.com?subject=Form mailto <p>test"></p> <p>In our environment, this works just fine. We open the page in Internet Explorer, submit the form, and IE opens Lotus Notes and creates a new e-mail message with the correct recipient and the correct subject. The post data is attached to the message in a file called POSTDATA.ATT. The content of the file is in this format:</p> <p>textbox1=Testvalue&textbox2=Testvalue&textbox3=Testvalue&textbox4=Testvalue&textbox5=Testvalue&textbox6=Testvalue&textbox7=Testvalue</p> <p>But, as it seems, this is not working for all clients. We’ve recently discovered that at one of our customers none of the clients get this to work properly. They are using IE 6.0 to post the form, the e-mail client is opened - they are also using Lotus Notes - and the message is created, but with</p> <p>no attached file; the POSTDATA.ATT is missing. This is really surprising, specially since these clients are using IE 6.0 and Lotus Notes - which is exactly the same as we are using in our environment - and here it’s working perfectly.</p> <p>I know it’s being said that the mailto protocol is “unreliable” or “not recommended”, but still we’ve not been able to find information about why it’s “unreliable”. One should think that if two clients are using the same browser and the same e-mail client, the result of the operation should be the same at both the clients. In this case it’s not.</p> <p>We’ve also tried to find out if the mailto protocol can somehow be disabled, either by a thirdparty application (like a antivirus client for instance) or by the systems involved in the operation (MS Windows OS, IE, or the Lotus Notes). No such luck so far.</p> <p>My hope is that some of you reading this may be familiar to the topic, or have some sort of first-hand information about the security issues involved in this protocol, and that you’re willing to help us out here.</p> <p>Thank you.</p> <p>Best regards,</p> <p>Jon Vidar Grøtte</p> <p>Synergi Solutions</p>