Human-only precautions such as a CAPTHA for form entry helps, as does some
anti-spam features on your web server. However, my server
gets hammered with thousands of spam a day... and I got so frustrated with
that sort of thing that I changed my feedback form to a text field that
saved the contents into a CSV file.
Bots and other spam bounced harmlessly away. However, would you believe
people HAND TYPED spam into the form? Who has that kind of time on their
hands? Oh... yeah... spammers.
not surprising at all ...
I suspect that some of the bigger spammers are using sweatshop slave labour
to sign up lots of yahoo/hotmail/gmail/etc email addresses to use to receive
and process verification emails for bots that can actually sign up as users
I see lots of bots trying to register on anything that looks at all like a
user registration form and have to keep coming up with new tricks to keep
I hate captchas and have so far avoided using them.
(btw I've even seen spam posts advertising capcha services! - very sus ... )
IMPORTANT: - if a form causes email to be sent (like a site contact form)
MAKE SURE that your script strips newlines from any fields that end up in
the mail header.
If newline chars are not stripped it can be very easy for a spammer to
inject extra bcc headers and use it to send email spam to long lists of
(this is very common - I've seen lots of badly-written form-to-email scripts
abused this way over the years and if asked to check on a website reported
to be sending email spam it is one of the first things I look for!)
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Help: [EMAIL PROTECTED]