Posted by Christoph Burschka on 03/29/07 23:37

Andrew Bailey wrote:
> "Martin Mandl - m2m tech support" <martin.mandl@gmail.com> wrote in message
> news:1175070592.285015.208940@d57g2000hsg.googlegroups.com...
>> On Mar 28, 9:48 am, mouton <nos...@nospam.com> wrote:
>>> Hello,
>>>
>>> I have a contact form on my website that sends form data to a php page
>>> where the php mail() function collects and send them to me.
>>>
>>> On this action page, one variable contains my email address in the form:
>>> $myEmail = "myem...@blah.com";
>>>
>>> The trouble is that I receive a lot of spam through this and do not know
>>> how to avoid that. Could you please help me?
>>>
>>> Thank you.
>
> Hi Martin,
>
> Try...
>
> $myEmail1 = "myem...";
> $myEmail2 = "@";
> $myEmail3 = "blah.com";
>
> $myEmail = $myEmail1 + $myEmail2 + $myEmail3;
>
> Hope this helps
>
> Andy
>
>

Just WHAT does that accomplish?!

PHP code stays on the server, nobody ever sees this variable. How you construct
it makes absolutely NO difference.

The spam comes from somebody submitting the form, as intended. There's really
nothing you can do to protect your "email address" in this place - your own PHP
script is spamming you.

To stop robots from using the form, implement a CAPTCHA. To stop robots from
spamming OTHER people (far worse, considering your server gets blamed), be sure
to filter all the header fields properly, especially if there's a "FROM" field.

--
Christoph Burschka <christoph.burschka@rwth-aachen.de>
Math.-Techn. Assistent i.A.
-------------------------------------------------
RWTH Aachen
Rechen- und Kommunikationszentrum
Dienstgebäude Seffenter Weg 23
52074 Aachen
Tel: +49 (241) 80-20376
Fax: +49 (241) 80-29100
-------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xFF4BDDE8

[Back to original message]