[thelist] how to stop email form spam

Roel Mulder roel.mulder at gmail.com
Fri Sep 28 05:58:35 CDT 2007

Hi Erika,
How about checking the inputs, to see if they are identical, then mark
it as spam. E.g. if they submitted the same info (not empty) in
several form fields (two fields the same = possibly spam, three the
same = absolutely spam).

Also check for the string 'multipart', 'http', 'mime-version' as they
may try to spam from your script to others.

my two cents...

On 9/28/07, Bill Moseley <moseley at hank.org> wrote:
> On Thu, Sep 27, 2007 at 08:57:14PM -0700, Erika wrote:
> > I have a very simple perl cgi email form on a client's site that about a
> > year ago started being attacked by spammers.
> In addition to the other suggestions to test for a human, I've used a
> token that needed to be returned with the form.  Means they have to
> fetch the form before posting, and then post within some time period,
> and the token is only valid once.
> Some bots are smart enough to fetch the forms first, but for the most
> part this is proving to be still effective.
> There's easy caching CPAN modules that don't require maintenance to
> the cache (Cache::FastMmap, for example) where you can remember the
> token.
> I even have one setup where the token is an md5 of a secret and the
> time truncated to a minutes, and the token is only valid for a short
> amount of time.  So, no need to store the token on the server.  Very
> easy to implement.  That form is still in use and still doesn't
> produce any spam that I'm aware of, where without the token it was a
> problem.  They didn't want to do captchas.
> --
> Bill Moseley
> moseley at hank.org
> --
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !

More information about the thelist mailing list