Spam through Website forms

Spammers are now trying to use website forms to send email to individuals at companies, or to mailing lists that may be attached to forms. While it is impossible to stop people from using the forms, there are a few best practices that can be put in place to prevent them from being used by spam agents.

1 - Never have a form submission trigger an email to an address outside your organization. Spammers will then use your server as a spamming tool, which can result in your web server being blacklisted.
2 - Never have a form submission trigger a server process, even with a "hidden" URL. Any server or administrative tools should always be behind a password-protected site, with a complex (alphanumeric, longer than 6 characters) password. JavaScript password methods should never be used.
3 - Have form submissions processed to a database for later review and processing. While an email is often the more convenient solution, a database allows for proper logging, review, approval and management of form submissions.
4 - Implement one or more methodologies to test whether the form is being submitted by a live person or by an automated spam process. For example:
- Use an image test. This entails presenting the web visitor with an image (jpg or gif) of a text code within the form. As part of the form validation, the code entered by the user has to be tested against the known correct value. Any incorrect forms are rejected and the visitor is allowed to correct their error.
- Use a time test. Because an automated spam agent enters a form's data much faster than a human can, a spam agent is often observed to complete a form within 5 to 10 seconds. You may simply reject any form that is presented to the visitor and then submitted back in less time than a desired threshold (e.g. 10 to 15 seconds).
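The following is an added example (not code from the original article or from any product it mentions) of how points 3 and 4 fit together in a form handler: the form is rendered with an HMAC-signed token that binds the issue time and the image code, the handler rejects submissions that come back too fast, too late, with the wrong code or with a reused token, and accepted submissions go into a database table for later review instead of triggering an email. The signing key, thresholds, table layout and sample field values are all constructed for this example.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

# Constructed for this example: a real deployment loads the key from configuration, not source.
FORM_KEY = secrets.token_bytes(32)
MIN_FILL_SECONDS = 10        # faster than this looks automated (the article's 10-15 s threshold)
MAX_FILL_SECONDS = 30 * 60   # after this the token, and the image code shown with it, has expired


def issue_form_token(image_code, now=None):
    """Render-time: bind issue time, a fresh nonce and the code shown in the image into one HMAC tag.
    The code itself is never sent to the browser in clear text, only the tag over it."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    msg = f"{issued}:{nonce}:{image_code.strip().lower()}".encode()
    tag = hmac.new(FORM_KEY, msg, hashlib.sha256).hexdigest()
    return f"{issued}:{nonce}:{tag}"


def check_submission(token, typed_code, now=None):
    """Submit-time checks. Returns (True, nonce) on success or (False, reason) on rejection."""
    now = time.time() if now is None else now
    try:
        issued_s, nonce, tag = token.split(":")
        issued = int(issued_s)
    except ValueError:
        return False, "malformed token"
    # Recompute the tag with the code the visitor typed; a tampered timestamp or wrong code both fail here.
    msg = f"{issued}:{nonce}:{typed_code.strip().lower()}".encode()
    expected = hmac.new(FORM_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "image code or token invalid"
    elapsed = now - issued
    if elapsed < MIN_FILL_SECONDS:
        return False, "submitted too quickly"
    if elapsed > MAX_FILL_SECONDS:
        return False, "form expired"
    return True, nonce


def open_store(path=":memory:"):
    """Submissions are stored for review (point 3); the UNIQUE nonce blocks replay of a solved token."""
    db = sqlite3.connect(path)
    db.execute(
        """CREATE TABLE IF NOT EXISTS submissions (
               id INTEGER PRIMARY KEY,
               nonce TEXT UNIQUE NOT NULL,
               received_at INTEGER NOT NULL,
               remote_addr TEXT,
               name TEXT, email TEXT, message TEXT,
               reviewed INTEGER NOT NULL DEFAULT 0)"""
    )
    return db


def handle_post(db, fields, remote_addr, now=None):
    """Process one POSTed form. Nothing here sends mail; the record waits in the table for a reviewer."""
    ok, info = check_submission(fields.get("form_token", ""), fields.get("image_code", ""), now)
    if not ok:
        return {"accepted": False, "reason": info}
    received = int(time.time() if now is None else now)
    try:
        # Parameterised insert: visitor-supplied text is data, never part of the SQL statement.
        db.execute(
            "INSERT INTO submissions (nonce, received_at, remote_addr, name, email, message) "
            "VALUES (?, ?, ?, ?, ?, ?)",
            (info, received, remote_addr, fields.get("name", ""),
             fields.get("email", ""), fields.get("message", "")),
        )
        db.commit()
    except sqlite3.IntegrityError:
        return {"accepted": False, "reason": "token already used"}
    return {"accepted": True, "reason": "stored for review"}


if __name__ == "__main__":
    # Constructed walk-through with a fixed clock so the timing checks are deterministic.
    db = open_store()
    t0 = 1_700_000_000
    token = issue_form_token("K7Q2", now=t0)
    form = {"form_token": token, "image_code": "k7q2", "name": "Visitor",
            "email": "visitor@example.com", "message": "Hello"}
    print(handle_post(db, form, "198.51.100.7", now=t0 + 3))    # rejected: too quick
    print(handle_post(db, form, "198.51.100.7", now=t0 + 40))   # accepted and stored
    print(handle_post(db, form, "198.51.100.7", now=t0 + 41))   # rejected: token already used
```

The time check relies on the timestamp being inside the signed token rather than in a plain hidden field, otherwise a submitter could simply backdate it; the nonce in the same token is what turns a one-off image test into a one-use one.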
