Email addresses inside URL

Question

Is it safe to use e-mail addresses inside URLs? I mean lets say a web-application has a registered user \"Bob\" and Bob has been registered by using his email => Bob@

Answer 1

Basically it depends on if you love or hate your users. When you do what you suggest, these URLs will spread on HTML pages on the web. Not necessarily confined to your own site, because people may link to it.

When your page gains enough traction to become important, crawler authors for spam bots will notice and add rules to their crawlers to extract the email address from URLs. It might even not be necessary, because some dumb regexes might already find the email without adaption.

Then, your users' email addresses will land on spammers' lists and get "unwanted adverts", euphemistically speaking. (These email lists will be rather high-valued, too, because they are "verified" to be real, existing ones.)

What you're doing here is giving away a private bit of identification your users trusted you with. Never ever allow that to be in public, unless your users told you so!

From a technical perspective, you can just go for it.