how to prevent spam in emails??
Posted: Thu Jul 02, 2009 6:55 am
by rrn
In my website I have made a form for sending emails .. I have also done the code for sending emails to my id ...
It's working fine, I am receiving emails...but the problem is that I am also receiving spam emails...how can I prevent spam emails reaching my mail id??????
Any help will be appreciated........
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 7:10 am
by VladSun
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 8:02 am
by SeaJones
dunno if it's good, but this one is bloody popular.
http://recaptcha.net/plugins/php/
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 8:08 am
by Eric!
Some users hate trying to read those graphics and the bots seem to still get around them from time to time. If you just use captcha they will still target your form with their scripts....just hoping to get through.
I prefer hard filters. It has worked to block 100% of spam messages and just requires a little PHP. I posted the functions and explanations here.
viewtopic.php?f=34&t=102450
They also take your form out of their attack list after a while
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 8:45 am
by SeaJones
I'd go along with Eric's solution there, but I'd use a preg_match rather than eregi. Should be (slightly) lighter on the system.
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 8:49 am
by VladSun
How's Eric's solution going to stop SPAM sent to rrn's e-mail via the email form?
It's good for preventing header injections and related stuff, but it won't help rrn stop receiving SPAM from his own mail form.
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 8:56 am
by SeaJones
This is true, I just wanted to mention the thing about preg_match if I'm honest with you. The captcha thing was already mentioned, and I didn't read his post in too much detail.
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 9:04 am
by Eric!
All spam contains hyperlinks. Those are rejected too.
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 9:12 am
by VladSun
Eric! wrote: All spam contains hyperlinks. Those are rejected too.
[s]1. Your code filters only LF and CR characters - it won't filter any hyperlinks.[/s]
2. I would never filter a message only because it contains a hyperlink...
PS: Oh, I just saw the
if(stristr($comments,"http")!=FALSE)
code lines ... Excuse me for missing it.
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 9:19 am
by VladSun
@Eric - I'm not saying that your code is bad. I'm just saying it's not enough to protect rrn from getting SPAMMed. At the same time, I think that including a code like yours in mail forms is a MUST.
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 9:20 am
by Eric!
If you read the full post you'll see this.
Next for spam that is sent directly to you, just scan the message for links and reject the message.
if(stristr($comments,"http")!=FALSE) // does http appear in the text?
{
    errormsg2(); // this is a spam attempt. Tell user no links allowed and reload form
    return;
}
errormsg2() just does what the comments say.
Make sure your error messages are verbose, explaining to the user exactly what they did wrong in case it is a legitimate user who innocently entered to: in subject or tries to send you a link.
You would be surprised how a user who enters a link then is told sorry, don't enter http in your message they will just put
. But the spammers completely go away.
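The two hard filters discussed in this thread (CR/LF rejection against header injection, and the "http" check on the message body), combined in one validator as an added example that is not part of any post here and is not Eric!'s code. The function name `check_contact_form`, the form field names and the list of header names are assumptions; it uses `preg_match` and `stripos` rather than `eregi` and `stristr`.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Returns verbose error messages; an empty array means the submission passed.
function check_contact_form(array $post): array
{
    $errors = [];
    $headerFields = [
        'name'    => $post['name'] ?? '',
        'email'   => $post['email'] ?? '',
        'subject' => $post['subject'] ?? '',
    ];
    $comments = $post['comments'] ?? '';

    foreach ($headerFields as $field => $value) {
        // Anything placed in a mail header must not carry CR or LF,
        // whether raw or still URL-encoded (%0a / %0d).
        if (preg_match('/[\r\n]|%0[ad]/i', $value)) {
            $errors[] = "Line breaks are not allowed in the $field field.";
        }
        // Header names typed into a field ("to:", "cc:", "bcc:", "content-type:").
        if (preg_match('/\b(to|cc|bcc|content-type)\s*:/i', $value)) {
            $errors[] = "Please remove text such as \"to:\" or \"bcc:\" from the $field field.";
        }
    }
    if (filter_var($headerFields['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid e-mail address.';
    }
    // The thread's link filter: reject any message body that contains "http".
    if (stripos($comments, 'http') !== false) {
        $errors[] = 'Links are not allowed; please remove "http" from your message.';
    }
    return $errors;
}

// Constructed sample submissions (not real traffic).
$samples = [
    'legitimate' => ['name' => 'Ann', 'email' => 'ann@example.com',
                     'subject' => 'Question', 'comments' => 'Do you ship abroad?'],
    'injection'  => ['name' => 'x', 'email' => 'x@example.com',
                     'subject' => "Hi\r\nBcc: list@example.invalid", 'comments' => 'hello'],
    'link spam'  => ['name' => 'y', 'email' => 'y@example.com',
                     'subject' => 'Offer', 'comments' => 'Visit http://example.invalid/'],
];
foreach ($samples as $label => $post) {
    $errors = check_contact_form($post);
    echo $label, ': ', $errors ? implode(' | ', $errors) : 'accepted', PHP_EOL;
}
```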
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 9:29 am
by VladSun
Yes, I've read it to the end and I've already asked to be excused.
I would agree with you but to some degree
Most of the spamassassin filters put a big weight on emails containing hyperlinks. Spammers know that - they know that even if they have managed to abuse an email form, they still have to pass the SPAM filters of the mail server. So, they often send SPAM containing only plain text and no obvious (for machines) hyperlinks.
A second case would be if the spammer knows about your http filter simply by seeing your warning while exploiting your email form. It won't protect from batch SPAM, while CAPTCHA would.
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 9:34 am
by Eric!
VladSun wrote: @Eric - I'm not saying that your code is bad. I'm just saying it's not enough to protect rrn from getting SPAMMed. At the same time, I think that including a code like yours in mail forms is a MUST.
My code is crude and rough, but I can tell you after getting my mail system hijacked via injection years ago a link to my form has been included in tons of spamming databases and they have been coming at it for a long time with lots of tricks. I spent a long time just sanitizing their input and watching them and tracking IPs and notifying hosts of their spammer users. Before I just started blocking them, so from hard won experience I can say it works.
I still sanitize the input fields in case something new is invented, but so far so good.
Re: how to prevent spam in emails??
Posted: Thu Jul 02, 2009 9:42 am
by Eric!
VladSun wrote: Most of the spamassassin filters put a big weight on emails containing hyperlinks. Spammers know that - they know that even if they have managed to abuse an email form, they still have to pass the SPAM filters of the mail server. So, they often send SPAM containing only plain text and no obvious (for machines) hyperlinks.
A second case would be if the spammer knows about your http filter simply by seeing your warning while exploiting your email form. It won't protect from batch SPAM, while CAPTCHA would.
I would normally completely agree, but experience has taught me differently. I used to average about 50-80 attacks a day after the hijack and 10-20 afterwards until the hard filters, but for the past year I get about 10 a month. I guess the plain text spammers haven't found me because I've never seen one come through my mail form despite its popularity with spammers.
Edit: google captcha bypass for some interesting reading