I have a form where a visitor can send a e-card to a friend. I think that there is some danger of a spam bot being able to use this form to send spam to thousands of addresses from my form. Is this true? Are there some recources where I could learn more? I am adding a php generated image for human verification, but it is generated from two of the fields that are passed from the form, using an algorithm. The problem I have is that if a human filled out the form once, they would have the password for one particular email. Then they could send as many emails to that one address as they wanted. Would they want to do that? Do I need to gaurd against it? Any input is greatly appreciated.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
information about web forms and spam bots
- Thread starter roblasch
- Start date
Check the referrer document on the php page that actually sends the email. If it's not from your domain, then don't send the email message.
If you offer no feedback when sending an email wasn't successful (basically always telling the user it was sent successfully) then it makes it harder to hijack.
I'd be interested in other people's opinions on this too.
Jeff
If you offer no feedback when sending an email wasn't successful (basically always telling the user it was sent successfully) then it makes it harder to hijack.
I'd be interested in other people's opinions on this too.
Jeff
- Thread starter
- #3
- Status
Similar threads
- Locked
- Question
