spam-attempts at certain domain - what to do.

Hi there!

We get a lot of spam through forms at a certain domain. (We get a mail that=
there is a spam attempt (this is done by us through code) - there's not ac=
tual a spam sent). Is there any thing to do more than creating spam-filters=
in PHP and the mail-server? (if you know there is a certain domain it is a=
problem with)

Best regards
/Gustav Wiberg




--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: spam-attempts at certain domain - what to do.

gleg...
i don't have any??

can you cross check the origin of spam?

----- Original Message -----
From: "Gustav Wiberg"
To:
Sent: Tuesday, May 15, 2007 1:55 PM
Subject: [PHP-WIN] spam-attempts at certain domain - what to do.


Hi there!

We get a lot of spam through forms at a certain domain. (We get a mail that
there is a spam attempt (this is done by us through code) - there's not
actual a spam sent). Is there any thing to do more than creating
spam-filters in PHP and the mail-server? (if you know there is a certain
domain it is a problem with)

Best regards
/Gustav Wiberg




--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: spam-attempts at certain domain - what to do.

Hi!

What do you mean by cross-checking the origin of spam?

Best regards
/Gustav Wiberg
=20

-----Original Message-----
From: bedul [mailto:landavia81@gmail.com]=20
Sent: Tuesday, May 15, 2007 11:10 AM
To: Gustav Wiberg
Cc: php-windows@lists.php.net
Subject: Re: [PHP-WIN] spam-attempts at certain domain - what to do.

gleg...
i don't have any??

can you cross check the origin of spam?

----- Original Message -----
From: "Gustav Wiberg"
To:
Sent: Tuesday, May 15, 2007 1:55 PM
Subject: [PHP-WIN] spam-attempts at certain domain - what to do.


Hi there!

We get a lot of spam through forms at a certain domain. (We get a mail that
there is a spam attempt (this is done by us through code) - there's not
actual a spam sent). Is there any thing to do more than creating
spam-filters in PHP and the mail-server? (if you know there is a certain
domain it is a problem with)

Best regards
/Gustav Wiberg




--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--=20
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: spam-attempts at certain domain - what to do.

There are some things that can be done at the form level, I've used
several of these with good results (these are not in any particular
order):

1) add a capcha/security image to the form.

2) check the referrer before actually emailing the form results to make
sure the submission is coming from the correct site.

3) add an hidden field to the form with an empty value. If the field has
a value on submit, then the form was most likely submitted by a bot,
they tend to put data in every field. Name the field with something like
"email3" or "phone5", etc rather than something obscure to better
capture bots (at least this is what I read in a couple of places).

4) validate data on the backend before submitting to reduce the email
injection issues. PHP email injection has been talked a lot recently on
many blogs and tech sites.

I do 2 & 4 as a practice. #3 is one we've recently tried with good
results. I haven't had to resort to #1 yet.

Bill

-----Original Message-----
From: Gustav Wiberg [mailto:gustav@hmn.se]=20
Sent: Tuesday, May 15, 2007 1:55 AM
To: 'php windows' (php-windows@lists.php.net)
Subject: [PHP-WIN] spam-attempts at certain domain - what to do.

Hi there!

We get a lot of spam through forms at a certain domain. (We get a mail
that there is a spam attempt (this is done by us through code) - there's
not actual a spam sent). Is there any thing to do more than creating
spam-filters in PHP and the mail-server? (if you know there is a certain
domain it is a problem with)

Best regards
/Gustav Wiberg


=20

--=20
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: spam-attempts at certain domain - what to do.

I wish I could find the article...

The idea behind it was instead of "Prove you are a human", try using "Prove you are not a robot" tactics. Although it sounds the same, it has different techniques applied. #3 was a biggie on the list.

Argh! Why can't I find that link? You may want to search for it, and see what you find.

Thank you,
Jarrett Meyer
http://jarrettmeyer.blogspot.com

No trees were harmed during this transmission; however, several electrons were terribly inconvenienced.

----- Original Message ----
From: Bill Bolte
To: Gustav Wiberg ; php-windows@lists.php.net
Sent: Tuesday, May 15, 2007 9:19:31 AM
Subject: RE: [PHP-WIN] spam-attempts at certain domain - what to do.

There are some things that can be done at the form level, I've used
several of these with good results (these are not in any particular
order):

1) add a capcha/security image to the form.

2) check the referrer before actually emailing the form results to make
sure the submission is coming from the correct site.

3) add an hidden field to the form with an empty value. If the field has
a value on submit, then the form was most likely submitted by a bot,
they tend to put data in every field. Name the field with something like
"email3" or "phone5", etc rather than something obscure to better
capture bots (at least this is what I read in a couple of places).

4) validate data on the backend before submitting to reduce the email
injection issues. PHP email injection has been talked a lot recently on
many blogs and tech sites.

I do 2 & 4 as a practice. #3 is one we've recently tried with good
results. I haven't had to resort to #1 yet.

Bill

-----Original Message-----
From: Gustav Wiberg [mailto:gustav@hmn.se]
Sent: Tuesday, May 15, 2007 1:55 AM
To: 'php windows' (php-windows@lists.php.net)
Subject: [PHP-WIN] spam-attempts at certain domain - what to do.

Hi there!

We get a lot of spam through forms at a certain domain. (We get a mail
that there is a spam attempt (this is done by us through code) - there's
not actual a spam sent). Is there any thing to do more than creating
spam-filters in PHP and the mail-server? (if you know there is a certain
domain it is a problem with)

Best regards
/Gustav Wiberg




--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php