On 2/11/07, Urb LeJeune <[EMAIL PROTECTED]> wrote:
It seem that any form on a web site attracts morons who capricious submit to these forms. I'm not talking about just hitting the submit button but rather a fully filled out form.
As some have mentioned, Akismet is a good solution to this, though people have had problems with false positives, and nothing is more annoying to a potential customer than having their carefully-crafted comment blocked as spam. I'm leaning toward tarpitting as a means of controlling comment spam, as it seems to be one of the only good ways to control email spam. Too many form submissions from one IP and suddenly service to that IP slows to a crawl. Devil is in the details, of course, so if anyone knows of any implementations of this, please let us know. For verifying email addresses, checking for MX record is okay but ineffective if spammer uses any of the millions of domains with valid mail exchangers. Checking email address using SMTP will fail more often than not, because these days no reputable mail service will divulge the existence of a valid account. They respond to these requests with "maybe the account exists, maybe not, just send the message and we'll let you know later" messages. The only way to prove that an email address is valid is to send a sufficiently hard-to-guess token and have the user check her mail and give it back to you. -- Chris Snyder http://chxo.com/ _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
