There are some things that can be done at the form level, I've used several of these with good results (these are not in any particular order): 1) add a capcha/security image to the form. 2) check the referrer before actually emailing the form results to make sure the submission is coming from the correct site. 3) add an hidden field to the form with an empty value. If the field has a value on submit, then the form was most likely submitted by a bot, they tend to put data in every field. Name the field with something like "email3" or "phone5", etc rather than something obscure to better capture bots (at least this is what I read in a couple of places). 4) validate data on the backend before submitting to reduce the email injection issues. PHP email injection has been talked a lot recently on many blogs and tech sites. I do 2 & 4 as a practice. #3 is one we've recently tried with good results. I haven't had to resort to #1 yet. Bill -----Original Message----- From: Gustav Wiberg [mailto:gustav@xxxxxx] Sent: Tuesday, May 15, 2007 1:55 AM To: 'php windows' (php-windows@xxxxxxxxxxxxx) Subject: spam-attempts at certain domain - what to do. Hi there! We get a lot of spam through forms at a certain domain. (We get a mail that there is a spam attempt (this is done by us through code) - there's not actual a spam sent). Is there any thing to do more than creating spam-filters in PHP and the mail-server? (if you know there is a certain domain it is a problem with) Best regards /Gustav Wiberg -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
