[thelist] how to stop email form spam

David McCreath mccreath at gmail.com
Fri Sep 28 23:55:26 CDT 2007


Hi, Erika --

On 9/27/07, Erika <ekm at seastorm.com> wrote:
> I have a very simple perl cgi email form on a client's site that about a
> year ago started being attacked by spammers. According to my client, the
> spam is specifically coming through the form (they have not harvested
> his email, it is thru the form itself).

One of our clients had a similar problem, which we needed to fix
without any sort of CAPTCHA if possible due to the site's
accessibility requirements (its primary users are vision impaired),
and it was happening to multiple forms (like literature requests, not
just the contact form).

It might be worth checking the content of the spam. Spam linkers use
robots to submit any form they can find hoping that it's a comment
form on a blog. We figured out that's what was going on with our
client, so we put a few simple tests into the form processor and
stopped processing the form if any of the tests failed.

We use three tests:

1. Check for any hinky attempts to insert code like BB Code style
links like "[url", or a "bcc:".
2. Check to see if the first name and last name are identical (which
is common with bots).
3. Check to see if there's an "@" in the first or last name fields
(bots will often plop fake e-mail addresses in every single-line text
field).

We added this stuff about two and a half months ago and the spam has
completely stopped.

More details about this approach (and some others) can be found here:

http://webaim.org/blog/2007/03/07/spam_free_accessible_forms/


> I could use perl (current form is perl) or php, but my skills in both
> are pretty much limited to customizing scripts other people write...

If you feel like setting up a new form and are comfortable working
with existing scripts try NateMail, which already has similar spam
fighting code built in:

http://www.mindpalette.com/scripts/index.php#NMAnchor

Setting it up is a little more time consuming than, say, the one from
Matt's Script Archive, but not that much. We use it on the Mule site
and I can't remember getting a spam message since we set it up.

Also, hi!

David

-- 
David McCreath
Mule Design Studio
http://muledesign.com/
aim: dwmccreath
(907) 227-0966
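
The three tests described in the message above, as an added Perl example that is not part of the original post and is not NateMail's code. The field names `first_name` and `last_name`, the function name `spam_reasons` and the sample submissions are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Returns a list of reasons the submission looks automated (empty list = pass).
# Field names first_name / last_name are assumptions for this example.
sub spam_reasons {
    my ($form) = @_;
    my @reasons;

    # Test 1: BBCode-style links or an injected "bcc:" header in any field.
    for my $name (sort keys %$form) {
        my $value = $form->{$name} // '';
        push @reasons, "markup or header text in '$name'"
            if $value =~ /\[url|bcc:/i;
    }

    # Normalise the two name fields before comparing them.
    my ($first, $last) = map {
        my $v = lc($form->{$_} // '');
        $v =~ s/^\s+|\s+$//g;
        $v;
    } qw(first_name last_name);

    # Test 2: identical first and last name.
    push @reasons, 'first and last name identical'
        if length $first && $first eq $last;

    # Test 3: an "@" in either name field.
    push @reasons, '"@" in a name field'
        if "$first$last" =~ /\@/;

    return @reasons;
}

# Constructed sample submissions, not real traffic.
my @samples = (
    { first_name => 'Ann', last_name => 'Example', message => 'Please send the brochure.' },
    { first_name => 'bot', last_name => 'Bot ', message => '[url=http://example.com]pills[/url]' },
    { first_name => 'a@example.com', last_name => 'b@example.com', message => "hi\nbcc: list\@example.com" },
);

for my $form (@samples) {
    my @why = spam_reasons($form);
    # A real form processor would stop here instead of sending mail.
    print @why ? "REJECT: " . join('; ', @why) . "\n" : "ACCEPT\n";
}
```

In a CGI form processor the check would run on the parsed parameters before any mail is built, and a non-empty result ends processing.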
