Spam through Website forms

Spammers are now trying to use website forms to send email to individuals at companies, or to mailing lists that may be attached to forms. While it is impossible to stop people from using the forms, a few best practices can be put in place to keep them from being used by spam agents.

1 - Never have a form submission trigger an email to an address outside your organization. Otherwise, spammers will use your server as a spamming tool, which can result in your web server being blacklisted.
2 - Never have a form submission trigger a server process, even with a "hidden" URL. Any server or administrative tools should always be behind a password-protected site, with a complex (alpha and numeric, longer than 6 characters) password. JavaScript password methods should never be used.
3 - Have form submissions processed to a database for later review and processing. While an email is often the more convenient solution, a database allows for proper logging, review, approval and management of form submissions.
4 - Implement one or more methods to test whether the form is being submitted by a live person or by an automated spam process. For example:
   - Use an image test. This entails presenting the web visitor with an image (jpg or gif) of a text code within the form. As part of the form validation, the code entered by the user is tested against the known correct value. Any incorrect forms are rejected and the visitor is allowed to correct their error.
   - Use a time test. Because an automated spam agent enters a form's data much faster than a human, it is often observed that a spam agent will complete a form within 5 to 10 seconds. You may simply reject any forms that are presented to the visitor and then submitted back in less time than a desired threshold (e.g. 10 to 15 seconds).
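
One way to implement the time test on the server, shown as an added example that is not part of the original article. It assumes the render time travels in a hidden form field and is protected with an HMAC so a spam agent cannot simply backdate it; the function names, the secret and the one-hour expiry are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed for this example: a secret that never leaves the server.
SECRET_KEY = secrets.token_bytes(32)
MIN_SECONDS = 10     # threshold taken from the article's 10 to 15 second range
MAX_SECONDS = 3600   # assumption: a form rendered over an hour ago is stale


def _sign(form_id, issued_at):
    """HMAC over the form name and render time, so neither can be altered."""
    msg = f"{form_id}:{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(form_id, now=None):
    """Value for a hidden field, generated when the form is rendered."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(form_id, issued_at)}"


def check_submission(form_id, token, now=None):
    """Return (accepted, reason) for a submitted form."""
    now = time.time() if now is None else now
    try:
        issued_raw, sig = token.split(".", 1)
        issued_at = int(issued_raw)
    except (ValueError, AttributeError):
        return False, "malformed token"
    expected = _sign(form_id, issued_at)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    elapsed = now - issued_at
    if elapsed < MIN_SECONDS:
        return False, "submitted too fast"
    if elapsed > MAX_SECONDS:
        return False, "token expired"
    return True, "ok"
```

The signed timestamp does not prevent a token from being reused until it expires, so log rejected and accepted submissions to the database described in item 3 and consider recording each token as used once.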
