Spam submission tools don't actually fill out your form, they just post values programatically, imagine they are just doing a cfhttp post. This is why the often fail to include some values, they are just trying to get junk entered into your database and hopefully send someone an email with their crap content.
One of the most effective filters is checking the cgi.HTTP_REFERER, they often don't bother trying to fake this out. If the request doesn't come from your site, just trash it. If you want to get more proactive, you can do things like, set a session var on the page with the form and then check for it's existence when the form is submitted. Ideally, someone would have to have come to the site and viewed the form, which would have set the session var and then it should exist on the action page. There are more obtrusive ways to go as well, captchas and answering simple math questions, but those tend to annoy your real users. Try checking the cgi.HTTP_REFERER and the session trick, Im sure you'll see at least a 95% reduction in spam traffic. =] -- Alan Rother Adobe Certified Advanced ColdFusion MX 7 Developer Manager, Phoenix Cold Fusion User Group, AZCFUG.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317117 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
