[!--quoteo(post=340644:date=Jan 28 2006, 10:33 AM:name=jcombs_31)--][div class=\'quotetop\']QUOTE(jcombs_31 @ Jan 28 2006, 10:33 AM) [snapback]340644[/snapback][/div][div class=\'quotemain\'][!--quotec--] I don't want to have a user input from an image file to send a simple email or sign a guestbook, but I have a couple sites that are getting hammered by spam throught these two forms. I don't think a timestamp will stop it, and the ip range is always different, so what's the best way to block it without creating images with text? [/quote] Are you using forms that contain an email address. If so then you are going to need a rewrite. Checking that the form is being run from your server is no good because hackers are skilled at hacking round these checks. Any form that contains an email address to send the email to are an open invitation to spammers.