Sarah Adams wrote: > I was thinking that once someone (or a bot) tries to submit a form with > bad input (based on evidence of header injection attempts or html where > it shouldn't be allowed), rather than simply clean up the input or > ignore the request, I could return a 404 header. I was thinking this > *might* discourage them from trying again. What are the chances this > will make a spammer stop coming back to spam this form? (I wouldn't > expect it to stop all spammers, but if it stopped even a few, it might > be worth it.) I would think a 403 would be more appropriate than a 404, but at the same time I'd be surprised if spammers are paying any attention to the response they get from the server.