No Mercy Anti-Spam Script

[khendar]

I've been working on an anti-spam email PHP script for one of the sites I'm developing. The script is designed to be a generic script which can be reused across multiple sites.

 

It works in multiple stages:

• Sending form must send a returning url variable. If it does not, the script shows a general error. This is intended to prevent cross site scripting hacks
  
• HTTP_REFERER must be in an allowed array which I maintain. If HTTP_REFERER is null or is not contained in this array, an error is returned.
  
• Email address must be syntactically valid, otherwise an error is returned.
  
• REMOTE_ADDR is checked against a blacklist of known spammer IPs. If the REMOTE_ADDR is in the list, an error is returned
  
• All fields are checked for spam keywords against a list of common spam words. If any spam words are found, the IP is added to the blacklist and an error is returned.
  
• Finally, the recipient address is hard coded so emails come to me and me only.
  

 

 

Now...I'm after feedback on how this works. Am I going overboard ? Is there any additional security measures that I should be taking ? I have considered adding a hash key system to the script, would this be overkill ?