Browser annoyances - mailto: links

Updated: January 9, 2009

You are all familiar with the mailto: links; these are (annoying) things that launch your mail client, even if you are not using one in day-to-day work, causing a 2-3 second freeze of your machine while it crunches unpleasant bits. Still, all in all, if the delay were the only problem, it would be relatively easy to cope with mailto:. There's also a security aspect involved. And a significant usability aspect.

Security aspect

First, let's take a look at the security side of the mailto: links:

Mailto link

Launching external programs through the browser can be problematic:

The above examples touch the security aspect - and may not be as ominous as they appear, mostly because you have to interact with pages to launch the mail client, so you retain the control. Still, it is quite possible that you may click on a mailto: link by mistake. Most of us did it at least once in their surfing career.

Usability aspect

Then, there's the usability aspect to consider, too:

All of the above make the use of mail clients quite uncomfortable for people who do not use them normally. And they may also annoy the regular users of mail clients.

So, let's review how we can safely configure our browsers to "protect" us against mail clients. I will demonstrate the functionality in Windows. But the idea remains the same, since quite a few browsers are cross-platform anyway.

Firefox browser

It is quite easy to configure Firefox to:

  1. Warn if you're trying to launch a mail client.
  2. Disable this function altogether.

Warn

Firefox functionality is governed via about:config. Simply type about:config in the browser's address bar, hit Enter and you'll be taken to the configuration page. The configuration page consists of Preference names (variables) in the first column, their current Status in the second, the Type of the preference, and the set Value.

There are quite a few preferences available. We are interested in one called network.protocol-handler.warn-external.mailto. In order to quickly skip to it, use the Filter: field. Simply start typing into it. It's similar to the Search field you use in everyday browsing; it will dynamically browse through the available options.

Once you find the desired Preference, let's examine it. It's Status is set to default, meaning the configuration the browser normally ships with. This is also useful in helping you know which options you tweaked. The Type is boolean - most are. This means the option will either work, if the the Value is set to true - fail, if the value is set to false.

To change the current setting, simply double click the line. It will turn bold, the Status and the Value will change.

About:config warn mailto

Let's examine the effect of this. Earlier, I have created a simply HTML file that contains a mailto: link. Now, when we click on the link, we'll be presented with a warning. We can either launch the application or cancel the attempt. Furthermore, you can tick the checkbox Remember my choice ..., although I do not recommend it.

Browser mailto link warning

Disable

You can disable the mailto: links altogether. You need to change the value of the network.protocol-handler.external.mailto from true to false. The mailto: links will no longer work.

About:config disable mailto

Opera browser

The idea is the same. Opera uses the same about:config functionality like Firefox. The only difference is the way things are presented.

Opera about:config

We need to click on Mail.

Opera about:config mail

What we are interested in is the Handler field. Different values govern different actions.

Value Action
0 mailto: link disabled
1 launch Opera mail
2 launch custom mail client
3 launch default mail client

Internet Explorer

Unfortunately, Internet Explorer does not like when the mailto: handler is disabled. So to overcome this problem in Internet Explorer, you will need a slightly different approach:

Conclusion

That's about it. Disabling / reconfiguring the mail client is a small piece of the overall Internet security scheme, but it might save you a bit of hassle here and there.

Although I have demonstrated the above functionality primarily for Windows users, the idea is the same for all operating systems. The same preferences can be set in other browsers, on other systems, like Linux or MAC.

Then again, since NIX-based operating systems run with non-root accounts by default, the potential impact of mailto: exploits is dramatically reduced, if not virtually non-existent. However, the usability and privacy implications remain.

It's up to you to decide whether the use of mail clients through browser links is something you need or want, whether the potential risks are acceptable and if you can handle the extra time wasted. The entire issue is no biggie, but it is definitely food for thought, in the amazing menu of dishes that Internet serves us.

Enjoy.