> Human-only precautions such as a CAPTCHA for form entry help, as do some anti-spam features on your web server. However, my server gets hammered with thousands of spam a day... and I got so frustrated with that sort of thing that I changed my feedback form to a text field that saved the contents into a CSV file.
>
> Bots and other spam bounced harmlessly away. However, would you believe people HAND TYPED spam into the form? Who has that kind of time on their hands? Oh... yeah... spammers.

not surprising at all ...

I suspect that some of the bigger spammers are using sweatshop slave labour to sign up lots of yahoo/hotmail/gmail/etc email addresses to use to receive and process verification emails for bots that can actually sign up as users on websites.

I see lots of bots trying to register on anything that looks at all like a user registration form and have to keep coming up with new tricks to keep them out (e.g. bot trap fields, passing IDs across forms, JavaScript tricks, heuristics, etc.).

I hate captchas and have so far avoided using them.

(btw I've even seen spam posts advertising captcha services! - very sus ... )

IMPORTANT: if a form causes email to be sent (like a site contact form) MAKE SURE that your script strips newlines from any fields that end up in the mail header.

If newline chars are not stripped it can be very easy for a spammer to inject extra bcc headers and use it to send email spam to long lists of email addresses. (this is very common - I've seen lots of badly-written form-to-email scripts abused this way over the years and if asked to check on a website reported to be sending email spam it is one of the first things I look for!)
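
The newline check described above, as an added example that is not part of the original post: a Python sketch that builds a contact-form email both ways and compares the header names that result. The addresses, function names and the sample submission are all constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.parser import Parser

_CTRL = re.compile(r"[\x00-\x1f\x7f]+")           # CR, LF and other control chars
_ADDR = re.compile(r"[^@\s<>,;:]+@[^@\s<>,;:]+")  # deliberately strict, one address

def clean_header(value, max_len=200):
    """Collapse control characters (CR/LF included) so the value stays on one header line."""
    return _CTRL.sub(" ", value).strip()[:max_len]

def naive_message(email, subject, body):
    """The pattern warned about above: form fields pasted straight into header text."""
    return (f"From: {email}\r\nTo: webmaster@example.org\r\n"
            f"Subject: {subject}\r\n\r\n{body}")

def safe_message(email, subject, body):
    """Fixed From/To, validated Reply-To, cleaned Subject."""
    if not _ADDR.fullmatch(email):
        raise ValueError("rejecting malformed sender address")
    msg = EmailMessage()
    msg["From"] = "webform@example.org"      # hypothetical site addresses
    msg["To"] = "webmaster@example.org"
    msg["Reply-To"] = email
    msg["Subject"] = clean_header(subject)
    msg.set_content(body)
    return msg

def header_names(raw):
    """Header field names a mail server would see in the raw message."""
    return [k.lower() for k in Parser().parsestr(raw, headersonly=True).keys()]

# Constructed form submission with a CRLF smuggled into the subject field.
SUBJECT = "Hello\r\nBcc: a@example.com, b@example.com"

if __name__ == "__main__":
    # The naive build gains a "bcc" header; the safe build does not.
    print(header_names(naive_message("eve@example.net", SUBJECT, "hi")))
    print(header_names(safe_message("eve@example.net", SUBJECT, "hi").as_string()))
```

When auditing a form-to-email script, the same comparison works as a regression test: submit a field containing a CRLF and assert that the set of header names does not change.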
