Jump to content

mail html form spam prevention

mikefrederick

By mikefrederick
in Miscellaneous

 Share

Recommended Posts

libertyct Member

libertyct

Posted
Posted

How do you mean?

 

You control where the e-mail will be sent, so I'm not sure how anyone could send spam from it.

 

someone can actually spam you using your own forms on your site. ever notice how very few company's actually have those contact forms on their sites nowdays?

TransmogriBenno Newbie

TransmogriBenno

Posted
Posted

I would say that it's a lot better than having a contact e-mail address displayed that can be parsed and stored in a spammer's database.

 

I've been putting contact forms on sites for years and haven't ever had a problem. What would be the point of a spammer sending stuff to the same person over and over, through a web form where the owner of the form knows exactly where the spammer came from?

mikefrederick Regular Member

mikefrederick

Posted
  • Author
Posted

if you're not careful hackers can alter the email itself as well, including the headers. mostly i was wondering what the advantage of image verification vs. a hidden field is? there must be one because everyone uses image verification, but a hidden field is more pleasant for the user.

kenrbnsn Regular Member

kenrbnsn

Posted
Posted

The problem with using the hidden field is that it's not hidden from a view source and if you're not careful about how validate the value of the hidden field it can be compromised. A lot of spambot scripts will get the HTML source of your form and will send directly to your processing script with the fields filled in -- ususally with junk.

 

BTW, since this question doesn't really pertain to a PHP problem, I'm moving it to the Miscellaneous area.

 

Ken

GingerRobot Regular Member

GingerRobot

Posted
Posted

A lot of spambot scripts will get the HTML source of your form and will send directly to your processing script with the fields filled in -- ususally with junk.

 

That's really the point of the hidden field protection though, isn't it? Seeing as a normal user wouldn't see the field, they wouldn't fill it it. The bot does 'see' the field so fills it in so you know it's a bot.

 

There are issues though. This type of protection idea is becoming more common so i would be surprised if newer bots don't check to see which fields are hidden and then don't fill those in. Though im no expert, i would also imagine there would be problems with accessibility. I wonder wether or not screen readers would ignore the hidden field?

Daniel0 Advanced Member

Daniel0

Posted
Posted

AFAIK screen readers ignore things which have display:none;. However, it wouldn't be easy to program a bot to not fill in a specific field. This is especially the case if the bot was configured that that particular form.

 

Uh... I meant to say "it wouldn't be difficult"...

SharkBait Advanced Member

SharkBait

Posted
Posted

I've used CAPTCHAs which seem to work for the most part though people (bots too) are getting smarter about getting past them. Though never display your email address in the form, or hidden. If you need to try and obscure it. You could use an image to display your email address but I know people who have programs that scan images for text etc ;) pretty neat actually.

 

If you use a server-side language such as PHP you can do some pretty cool validation and parsing of the information being sent, including checking to see if someone is trying to hack or force new email headers and since you can store you email address server-side in a variable they can't retrieve it and use it to spam the crap out of you.

 

I've used forms with CAPTCHAs for multiple projects and the only spam they would receive would be form someone actually taking the time to fill it out which is really rare.  I think one of the forms I have on a website has only received 2 spam emails since it has been in place for about 3 years.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.