Posted by Shelly on 01/24/08 04:28
On Jan 23, 11:07 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> Shelly wrote:
> > On Jan 23, 8:47 pm, Manuel Lemos <mle...@acm.org> wrote:
>
> > The email is only sent to the site owner, so the spammer has no way of
> > knowing what the email should look like. That tells me that they have
> > to be going through the form. Yet the proper email has an echo of
> > generated security code. The spam email has that field empty. So,
> > that says he can't be going through the form.
>
> > It seems to me that they must:
> > 1 - Somehow diverting a legitimate email so that copy is sent to
> > them.
> > 2 - Using that email copy to create a template and modify the output
> > so that junk is sent.
>
> > I really don't know how they are doing it.
>
> Or, you're not checking the security field before sending the email.

Of **COURSE** I am. [I even tested it :-) --- and many times].
Filling in all the fields and either leaving that one empty, or with
the wrong info, prevents an email from being sent and the page is
presented again so that the user can fill it in properly.

Jerry, why in the world would I go through the trouble of generating
a security field if I weren't testing for its accuracy? That would be
just plain stupid.

Shelly