Richard Lynch wrote:
> On Fri, January 18, 2008 10:41 am, Per Jessen wrote:
>> 2. check that the domain exists and has an MX.
>
> I believe this will foul you up...
>
> I *think* many domains just use their regular domain as MX if there is
> no MX.

We've been using the method on public forms for at least 3 years with no issues. I have yet to come across a domain that actually does not have an MX record and just relies on the default working. But if it should ever become a problem, the check is easily changed to look for an A-record, which IS required for email-delivery.

> And the Bad Guy can easily change tactics to use blahbalh@xxxxxxx or
> whatever, once they figure out you only check for MX records...
> Though it could work as a stop-gap measure at least.

Sure - my two-step validation without CAPTCHA is minimal effort, but that's good enough for me for the time being.

/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
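
The domain check discussed in this thread (look for an MX, fall back to an address record when there is none) can be sketched as follows. This is an added example, not code from either poster; `mail_domain_status()`, the `$lookup` callable and the zone data are hypothetical and constructed, and the sketch also covers the RFC 7505 "null MX" case, which the thread does not mention.

```php
<?php
/**
 * Classify the domain part of an address for a form-side "can it get mail" check.
 * $lookup(string $domain, int $type): array of records shaped like
 * dns_get_record() output. Returns 'mx', 'address-fallback', 'null-mx',
 * 'no-domain' or 'bad-syntax'.
 */
function mail_domain_status(string $email, callable $lookup): string
{
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return 'bad-syntax';
    }
    $domain = strtolower(substr($email, $at + 1));
    // Reject anything that is not a plain dotted hostname before touching DNS.
    $host = '/^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$/';
    if (!preg_match($host, $domain)) {
        return 'bad-syntax';
    }
    $mx = $lookup($domain, DNS_MX);
    if ($mx) {
        // RFC 7505 "null MX": a single MX pointing at the root means "no mail here".
        if (count($mx) === 1 && in_array($mx[0]['target'] ?? null, ['', '.'], true)) {
            return 'null-mx';
        }
        return 'mx';
    }
    // No MX at all: RFC 5321 section 5.1 has senders use the address record.
    if ($lookup($domain, DNS_A) || $lookup($domain, DNS_AAAA)) {
        return 'address-fallback';
    }
    return 'no-domain';
}

// For live use, pass: fn($d, $t) => @dns_get_record($d, $t) ?: []
// Constructed zone data so the example runs offline.
$zones = [
    'mx-host.example' => [DNS_MX => [['pri' => 10, 'target' => 'mail.mx-host.example']]],
    'a-only.example'  => [DNS_A  => [['ip' => '192.0.2.10']]],
    'no-mail.example' => [DNS_MX => [['pri' => 0, 'target' => '']],
                          DNS_A  => [['ip' => '192.0.2.20']]],
];
$stub = fn(string $d, int $t): array => $zones[$d][$t] ?? [];

$samples = ['a@mx-host.example', 'b@a-only.example', 'c@no-mail.example',
            'd@missing.example', 'e@bad_host'];
foreach ($samples as $addr) {
    printf("%-20s %s\n", $addr, mail_domain_status($addr, $stub));
}
```

Treating `address-fallback` as acceptable avoids rejecting domains that publish no MX, while `null-mx` and `no-domain` can be refused at the form.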