Re: [PHP] Re: Question About Blocking Email Addresses in Forms
Richard Lynch wrote:

> On Fri, January 18, 2008 10:41 am, Per Jessen wrote:
>> 2. check that the domain exists and has an MX.
>
> I believe this will foul you up...
>
> I *think* many domains just use their regular domain as MX if there is
> no MX.

We've been using the method on public forms for at least 3 years with no issues. I have yet to come across a domain that actually does not have an MX record and just relies on the default working. But if it should ever become a problem, the check is easily changed to look for an A-record, which IS required for email-delivery.

> And the Bad Guy can easily change tactics to use [EMAIL PROTECTED] or
> whatever, once they figure out you only check for MX records...
>
> Though it could work as a stop-gap measure at least.

Sure - my two-step validation without CAPTCHA is minimal effort, but that's good enough for me for the time being.

/Per Jessen, Zürich

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Question About Blocking Email Addresses in Forms
Thanks for all of your suggestions, which all point to using Captcha. I have actually already implemented Captcha and they are still getting around it. Even if they are entering it manually rather than via a bot, is there a way to check if the email address is of a specific format and if so then don't process the form?

Javier Huerta [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> I am wondering if there is a way to block out email addresses in
> specific format from a form? We have a form that people have to enter
> an email address, and the form has been getting used by bots to send
> spam to a listserv. The email address they enter is in this type of
> format [EMAIL PROTECTED], and of course it is always just a bit
> different every time. Any help is greatly appreciated.
Re: [PHP] Re: Question About Blocking Email Addresses in Forms
On Jan 18, 2008 10:55 AM, Javier Huerta [EMAIL PROTECTED] wrote:

> Thanks for all of your suggestions, which all point to using Captcha. I
> have actually already implemented Captcha and they are still getting
> around it. Even if they are entering it manually rather than via a bot,
> is there a way to check if the email address is of a specific format and
> if so then don't process the form?
>
> Javier Huerta [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
>> I am wondering if there is a way to block out email addresses in
>> specific format from a form? We have a form that people have to enter
>> an email address, and the form has been getting used by bots to send
>> spam to a listserv. The email address they enter is in this type of
>> format [EMAIL PROTECTED], and of course it is always just a bit
>> different every time. Any help is greatly appreciated.

If a human is involved you can't really do anything about it other than slow them down. If they're doing this a lot you can implement some backend server tracking. It is really hit and miss, but you can try tracking by IP, but proxies make this fail. You can also make sure that you require sessions. That might help a bit but a user can always clear their cookies.
[PHP] Re: Question About Blocking Email Addresses in Forms
Hello,

on 01/18/2008 01:55 PM Javier Huerta said the following:

> Thanks for all of your suggestions, which all point to using Captcha. I
> have actually already implemented Captcha and they are still getting
> around it. Even if they are entering it manually rather than via a bot,
> is there a way to check if the email address is of a specific format and
> if so then don't process the form?

Sure. If you just want to block addresses of some domains, you do not even need to use regular expressions. Try something like this:

    $block = 'jhgfghjk.com';
    $email = $_POST['email'] ?? '';
    // Compare the tail of the submitted address with the blocked domain
    if (substr($email, -strlen($block)) === $block) {
        // do whatever you want to not accept this address
    }

If you iterate this code over a list of blocked domains taken from an array, you have implemented a generalized black list.

--

Regards,
Manuel Lemos

PHP professionals looking for PHP jobs
http://www.phpclasses.org/professionals/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/
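The generalized black list described in the post above, as an added example that is not part of the original message. It compares only the domain part, case-insensitively and on a label boundary, because a raw suffix compare on the whole address also matches unrelated domains that end in the same characters. The function name and every sample value except jhgfghjk.com are constructed.

```php
<?php
// Added example, not from the thread. Matches on the domain part only,
// on a label boundary, case-insensitively.

function is_blocked_domain(string $email, array $blocked): bool
{
    $at = strrpos($email, '@');
    if ($at === false) {
        return true;                     // no domain part at all: refuse
    }
    // Domain names are case-insensitive; a trailing dot is the same name.
    $domain = strtolower(rtrim(substr($email, $at + 1), '.'));

    foreach ($blocked as $entry) {
        $entry = strtolower($entry);
        // Exact domain, or any subdomain of it ("mail.jhgfghjk.com").
        if ($domain === $entry
            || substr($domain, -strlen($entry) - 1) === '.' . $entry) {
            return true;
        }
    }
    return false;
}

// 'jhgfghjk.com' is the domain used in the post; the rest is constructed.
$blocked = ['jhgfghjk.com', 'spam.example'];
$samples = [
    'a@jhgfghjk.com',        // blocked: exact match
    'a@Mail.JHGFGHJK.com',   // blocked: subdomain, mixed case
    'a@notjhgfghjk.com',     // allowed: different domain sharing a suffix
    'a@lists.example',       // allowed
];
foreach ($samples as $addr) {
    printf("%-22s %s\n", $addr,
        is_blocked_domain($addr, $blocked) ? 'blocked' : 'allowed');
}
```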
Re: [PHP] Re: Question About Blocking Email Addresses in Forms
On 18 Jan 2008, at 16:01, Eric Butera wrote:

> On Jan 18, 2008 10:55 AM, Javier Huerta [EMAIL PROTECTED] wrote:
>> Thanks for all of your suggestions, which all point to using Captcha.
>> I have actually already implemented Captcha and they are still getting
>> around it. Even if they are entering it manually rather than via a
>> bot, is there a way to check if the email address is of a specific
>> format and if so then don't process the form?

What does your form actually do? Does it email you, email them, stick something in a DB? What?

Regardless, if they're entering a nonsense email address and are managing to get your script to email other people then you're not validating the inputs correctly. For example, are you checking that the email address does not contain carriage returns or line feeds? Same with the subject if your form includes that. Anything that comes from the form and ends up in the email headers needs to be checked in this way.

The answer to your question is only if you can define the format precisely enough.

-Stut

--
http://stut.net/

>> Javier Huerta [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
>>> I am wondering if there is a way to block out email addresses in
>>> specific format from a form? We have a form that people have to enter
>>> an email address, and the form has been getting used by bots to send
>>> spam to a listserv. The email address they enter is in this type of
>>> format [EMAIL PROTECTED], and of course it is always just a bit
>>> different every time. Any help is greatly appreciated.
>
> If a human is involved you can't really do anything about it other than
> slow them down. If they're doing this a lot you can implement some
> backend server tracking. It is really hit and miss, but you can try
> tracking by IP, but proxies make this fail. You can also make sure that
> you require sessions. That might help a bit but a user can always clear
> their cookies.
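The carriage-return and line-feed check described in the message above, as an added example that is not part of the original thread. It assumes a form with `email`, `subject` and `message` fields that mails a list and copies the sender; the function names, field names and addresses are constructed.

```php
<?php
// Added example, not from the thread. Every form value that ends up in a
// mail header is checked before the message is assembled.

function clean_header_value(string $value): ?string
{
    // A CR, LF or NUL in a header value lets the submitter start a new
    // header line of their own. Refuse the value rather than strip it.
    if (preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return trim($value);
}

function build_list_mail(array $post): ?array
{
    $from    = clean_header_value($post['email'] ?? '');
    $subject = clean_header_value($post['subject'] ?? '');
    if ($from === null || $subject === null) {
        return null;                          // control characters present
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;                          // not a single valid address
    }
    // The body is not a header, so line breaks are allowed there.
    return [
        'to'      => 'list@lists.example',    // constructed list address
        'subject' => $subject,
        'body'    => (string) ($post['message'] ?? ''),
        'headers' => ['From' => $from, 'Cc' => $from],
    ];
}

// Constructed submissions: one ordinary, one with an extra header line
// smuggled into the address field.
$ok  = ['email' => 'ann@example.org', 'subject' => 'Hello', 'message' => "Hi\nall"];
$bad = ['email' => "ann@example.org\r\nBcc: other@example.net", 'subject' => 'Hello'];

var_dump(build_list_mail($ok) !== null);   // bool(true)
var_dump(build_list_mail($bad));           // NULL
```

The returned array maps directly onto the arguments of PHP's `mail()`, which accepts an array of headers from PHP 7.2 onwards.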
Re: [PHP] Re: Question About Blocking Email Addresses in Forms
> What does your form actually do? Does it email you, email them, stick
> something in a DB? What?

The form sends an email to a listserv and cc's the sender and then enters data into a database.

> Regardless, if they're entering a nonsense email address and are
> managing to get your script to email other people then you're not
> validating the inputs correctly.

This is what I am not sure about how to go about doing.
Re: [PHP] Re: Question About Blocking Email Addresses in Forms
Javier Huerta wrote:

> Thanks for all of your suggestions, which all point to using Captcha. I
> have actually already implemented Captcha and they are still getting
> around it. Even if they are entering it manually rather than via a bot,
> is there a way to check if the email address is of a specific format and
> if so then don't process the form?

1. use a regex to validate the email-address syntax
2. check that the domain exists and has an MX.

/Per Jessen, Zürich
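The two-step check listed above, together with the address-record fallback raised elsewhere in this thread, as an added example that is not part of the original messages. It uses `filter_var()` in place of a hand-written regex; the function name, the injectable `$lookup` parameter and the sample zone are constructed so the logic can be followed without live DNS.

```php
<?php
// Added example, not from the thread. Step 1 checks syntax, step 2 checks
// that the domain can receive mail: MX first, then A/AAAA as a fallback.

function email_domain_accepts_mail(string $email, ?callable $lookup = null): bool
{
    // Defaults to PHP's checkdnsrr(); a stub can be passed for offline use.
    $lookup = $lookup ?? 'checkdnsrr';

    // Step 1: syntax. This also rejects CR/LF and other control bytes.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // Step 2: DNS. The trailing dot makes the name absolute so the
    // resolver's search list is not applied to it.
    $domain = substr(strrchr($email, '@'), 1) . '.';

    if ($lookup($domain, 'MX')) {
        return true;
    }
    // No MX record: SMTP treats the host's own address record as an
    // implicit MX (RFC 5321, section 5.1), so accept on A or AAAA.
    return $lookup($domain, 'A') || $lookup($domain, 'AAAA');
}

// Constructed zone data standing in for real DNS answers.
$zone = [
    'mx-only.example.' => ['MX'],
    'a-only.example.'  => ['A'],
];
$stub = fn(string $host, string $type): bool
    => in_array($type, $zone[$host] ?? [], true);

$samples = ['bob@mx-only.example', 'bob@a-only.example',
            'bob@nowhere.example', 'not an address'];
foreach ($samples as $addr) {
    printf("%-22s %s\n", $addr,
        email_domain_accepts_mail($addr, $stub) ? 'accept' : 'reject');
}
```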
Re: [PHP] Re: Question About Blocking Email Addresses in Forms
On Fri, January 18, 2008 10:41 am, Per Jessen wrote:

> 2. check that the domain exists and has an MX.

I believe this will foul you up...

I *think* many domains just use their regular domain as MX if there is no MX.

And the Bad Guy can easily change tactics to use [EMAIL PROTECTED] or whatever, once they figure out you only check for MX records...

Though it could work as a stop-gap measure at least.

--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?