how to prevent spam in emails??
Moderator: General Moderators
how to prevent spam in emails??
in my website i have made a form for sending emails .. i have also done the code for sending emails to my id ...
its working fine , am receiving emails...but the problem is that , i am also receiving spam emails...how can i pevent spam emails reaching my mail id??????
any help will be appreciated........
its working fine , am receiving emails...but the problem is that , i am also receiving spam emails...how can i pevent spam emails reaching my mail id??????
any help will be appreciated........
Re: how to prevent spam in emails??
There are 10 types of people in this world, those who understand binary and those who don't
Re: how to prevent spam in emails??
Some users hate trying to read those graphics and the bots seem to still get around them from time to time. If you just use captcha they will still target your form with their scripts....just hoping to get through.
I perfer hard filters. It has worked to block 100% of spam messages and just requires a little php. I posted the functions and explanations here.
viewtopic.php?f=34&t=102450
They also take your form out of their attack list after a while
I perfer hard filters. It has worked to block 100% of spam messages and just requires a little php. I posted the functions and explanations here.
viewtopic.php?f=34&t=102450
They also take your form out of their attack list after a while
Re: how to prevent spam in emails??
I'd go along with Eric's solution there, but I'd use a preg_match rather than eregi. Should be (slightly) lighter on the system.
Re: how to prevent spam in emails??
How's Eric's solution going to stop SPAM sent to rrn's e-mail via the email form?
It's good for preventing header injections and related stuff, but it won't help rrn stop receiving SPAM from his own mail form.
It's good for preventing header injections and related stuff, but it won't help rrn stop receiving SPAM from his own mail form.
There are 10 types of people in this world, those who understand binary and those who don't
Re: how to prevent spam in emails??
This is true, I just wanted to mention the thing about preg_match if I'm honest with you. The captcha thing was already mentioned, and I didn't read his post in too much detail.
Re: how to prevent spam in emails??
All spam contains hyperlinks. Those are rejected too.
Re: how to prevent spam in emails??
[s]1. You code filters only LF and CR characters - it won't filter any hyperlinks.[/s]Eric! wrote:All spam contains hyperlinks. Those are rejected too.
2. I would never filter a message only because it contains a hyperlink...
PS: Oh, I just saw the
Code: Select all
if(stristr($comments,"http")!=FALSE)There are 10 types of people in this world, those who understand binary and those who don't
Re: how to prevent spam in emails??
@Eric - I'm not saying that your code is bad. I'm just saying it's not enough to protect rrn from geting SPAMMed. At the same time, I think that including a code like yours in mail forms is a MUST.
There are 10 types of people in this world, those who understand binary and those who don't
Re: how to prevent spam in emails??
If you read the full post you'll see this.
. But the spammers completely go away.
You would be surprised how a user who enters a link then is told sorry, don't enter http in your message they will just putNext for spam that is sent directly to you, just scan the message for links and reject the message.
errormsg2() just does what the comments say.Code: Select all
if(stristr($comments,"http")!=FALSE) // does http appear in the text? { errormsg2(); // this is a spam attempt. Tell user no links allowed and reload form return; }
Make sure your error messages are verbose, explaining to the user exactly what they did wrong in case it is a legitimate user who innocently entered to: in subject or tries to send you a link
Code: Select all
"www.hello.com"Re: how to prevent spam in emails??
Yes, I've read it to the end and I've already asked to be excused.
I would agree with you but to some degree
Most of the spamassassin filters put a big weight on emails containing hyperlinks. Spammers know that - they know that even they have managed to abuse an email form, they still have to pass the SPAM filters of the mail server. So, they often send SPAM containing only plain text and no obvious (for machines) hyperlinks.
A second case would be if the spammer knows about your http filter simply by seeing your warning while exploiting your email form. It won't protect from batch SPAM, while CAPTCHA would.
I would agree with you but to some degree
Most of the spamassassin filters put a big weight on emails containing hyperlinks. Spammers know that - they know that even they have managed to abuse an email form, they still have to pass the SPAM filters of the mail server. So, they often send SPAM containing only plain text and no obvious (for machines) hyperlinks.
A second case would be if the spammer knows about your http filter simply by seeing your warning while exploiting your email form. It won't protect from batch SPAM, while CAPTCHA would.
There are 10 types of people in this world, those who understand binary and those who don't
Re: how to prevent spam in emails??
My code is crude and rough, but I can tell you after getting my mail system hijacked via injection years ago a link to my form has been included in tons of spamming databases and they have been coming at it for a long time with lots of tricks. I spent a long time just sanitizing their input and watching them and tracking IPs and notifying hosts of their spammer users. Before I just started blocking them, so from hard won experience I can say it works.VladSun wrote:@Eric - I'm not saying that your code is bad. I'm just saying it's not enough to protect rrn from geting SPAMMed. At the same time, I think that including a code like yours in mail forms is a MUST.
I still sanitize the input fields in case something new is invented, but so far so good.
Re: how to prevent spam in emails??
I would normally completely agree, but experience has taught me differently. I used to average about 50-80 attacks a day after the hijack and 10-20 afterwards until the hard filters, but for the past year I get about 10 a month. I guess the plain text spammers haven't found me because I've never seen one come through my mail form despite its popularity with spammers.VladSun wrote:Most of the spamassassin filters put a big weight on emails containing hyperlinks. Spammers know that - they know that even they have managed to abuse an email form, they still have to pass the SPAM filters of the mail server. So, they often send SPAM containing only plain text and no obvious (for machines) hyperlinks.
A second case would be if the spammer knows about your http filter simply by seeing your warning while exploiting your email form. It won't protect from batch SPAM, while CAPTCHA would.
Edit: google captcha bypass for some interesting reading