Webmaster Forum / ColdFusion / Advanced Techniques / July 2007

Sure hope you're using https.  You're opening a whole can of liability by
actually logging onto someone elses email account and in some cases may be
violating that user's TOS which could get their email account delisted.

I'd suggest a tell a friend page instead where they fill in 5 email fields.  
Add an incentive such as each email is worth an entry in a monthly drawing for
something.  I also suggest that you validate that email once the recipient
accepts.  

You still have to worry about SPAM laws, so make sure you track who submitted
the emails and prevent abuse such as someone suddenly blasting out hundreds of
emails, have a decent TOS, an opt out method and so on.

Strange answer.
It works only with autorisation of the user (of course , we beed him to
temporaremy give his password) so there is no violation of privacy.
the problem is not the 5 fields. Myspace and other big sites  do it !
The problem is that this solution exist for other languages and we see
concurrent that use this really viral way  and their numbers dramatically
increases. Why does this solution exist for .net, php , asp and not for CF
???This is the question. We need this but will not migrate all our code to php
only for that ????
Producrs exist but never for CF.
See for example http://www.octazen.com/product_abimporter.php for more info.
Not using it is just as be died in a few months if other does.

Don't get me wrong, I'm not saying it isn't possible, I was just mentioning
that you might want to consider another option, giving the user a bit more
control.  

I haven't seen any CF based solutions for what you are describing, but If
you've found scripts in c++, consider turning that into cfx_tag.  If you can
find a Java based solution, that might be easier to integrate by installing the
class/jar file and using cfobject.

Screen scraping is probably the only option unless the target service provides
an easily consumable source such as XML or through an API.  In the case of a
Yahoo Premium account, you can export contact information, such as to a CSV.  
You may also have to develop the authentication mechanism which might require
the use of an API key along with some encryption mechanism (usually MD5)  to
encode  the api key, userid, and password to obtain an authenitcation  token.

As far as "MySpace is doing it", there might be some behind the scenes
agreements that have been worked out both from a technical as well as a  legal
aspect.  I would suggest that you contact each service that you are planning on
supporting with this feature directly.  The response you get back should give
you a pretty clear indication on what is allowed, assuming you can get past the
"Customer Support" screeners.  

You mentioned that what you are attempting is temporary in nature, but can the
user be 100% convinced that it is temporary?  Unless the user has 100% access
to your system to verify that the information hasn't been kept in a log or
database, they can't be sure.  Case in point, Disney is a well respected
company but recently one of their employees was caught in an Identity Theft
Scheme.
(http://www.identitytheft911-newdimensionsfcu.com/alerts/alert.ext?sp=996)

A user's permission doesn't mean that you haven't violated the services "TOS"
.  While there are coding applications in other langages that can perform email
harvesting, that doesn't necessarily mean that they are legal just because they
exist.

Here's an excerpt from the Yahoo Developer docs on the Mail API
(http://developer.yahoo.com/mail/docs/html/index.html)
.  Item 2, while it specifically states "User Data", the contents of the
address book could be easily construed as user data.

--------------------------------------------------------------------------------
------
1. You must use the Browser Based Authentication API to enable access to the
user's Yahoo! account through your Application.

2. You may not use the Yahoo! Mail Web Service API to mine or scrape user data
from the user's Yahoo! account.

3. You may not use the Yahoo! Mail Web Service API to recreate a mimicked
version of Yahoo! Mail on your site.

4. You may not use the Yahoo! Mail Web Service API to display the user's
Yahoo! account information in a third party email client.