Jump to content

How To Prevent Spambot From Detecting Emails From

Recommended Posts

People shift from providing email addresses to using forms (for contact) in order to avoid spam


bots. But there are some new spam bots today which can detect email address even through forms


present on a website. Any solution to prevent this?


generally the form action is as follows


<form action="xyz@xyz.com">


Any other way this can be written to prevent it from being detected by spam bots?


Edit (TCH-MikeJ): Links to sites not relevent to post and not hosted by TCH removed. If you want a sig, make one in your forum control panel.

Edited by TCH-MikeJ
Link to post
Share on other sites

If you use a php form with the address hard coded into the form processor,

humans and bots can't see the address.


Avoid the type that have you put your address in the form

even as a hidden field, since this can easily be seen by anyone.


There are many php forms available, just google php form.

Link to post
Share on other sites
  • 10 months later...

My form is created with php and is handled through php - within the past day I have received bogus information through them - up to about 30 an hour all from different IP address in Texas, New Jersey, California, and Colorado. It seems hopeless to try and block all the ip address because they change - but it seems there are only a handful of service providers, which I've notified through their abuse and tech emails.


What can I do so that I can stop getting these?


The info that has been submitted is similar to this (mydomain was edited from my real domain name):


Here is what was submitted :

Name: pmcf@****

Content-Type: multipart/mixed; boundary=\"===============0458757291==\"

MIME-Version: 1.0

Subject: 1072bf53

To: pmcf@****

bcc: jrubin3546@aol.com

From: pmcf@****


or here's another:


Here is what was submitted :

Name: hddbofuxk@****

Preferred way to be contacted: hddbofuxk@****

Email: hddbofuxk@****

Phone #: hddbofuxk@****

Comments: hddbofuxk@****

Edited by tvspec
Link to post
Share on other sites

No, the email addresses are not hidden fields in the previous page, they are in the processing script after it is submitted. How can I check the referrer page - I bet that'll fix the problem, because when I look back at pages visited - the page with the original form was not visited...

Link to post
Share on other sites

If I use this - shouldn't that help?



|| isempty($_SERVER['HTTP_REFERER'])

|| $_SERVER['HTTP_REFERER'] == ''):

echo "Referring page required.";




do I need to set somewhere what page is actually using it?

Link to post
Share on other sites

I don't think that worked. If it had worked, would I get the echo "referring page required" when I go directly to the php-scripted page where the form is sent to? Right now, anyone who goes to that page..automatically sends a blank form.

Edited by tvspec
Link to post
Share on other sites

Just a quick point of clarification. They are not getting your email address from the forms. It is impossible for a well-written form to divulge the email address because the server is doing the mail.


What is happening is bots are hitting your web page with the form, filling it in and hitting submit... or at least making it look that way to your web server.


They don't have your email address but you are getting junk as if they did, it's just in the form of a submitted form and not a free-form email.


This kind of thing is exactly why they came up with the "Type in the letters you see in the graphic to the right" but even that is not foolproof. If you have a small to medium site that does not draw international attention you might get by with making one of your fields say "Enter the word Boo in the box below" and if the emailed form doesn't have Boo in it throw it out. If you have a huge site they really want to get at then they will have someone modify the bot to enter Boo.

Link to post
Share on other sites
  • 2 weeks later...
Good idea. I will try that. In addition, how can I also verify the refferer using $_SERVER['HTTP_REFERER'] in my script? I'm not sure how to use it.

I thought about using this once to prevent spam on my guestbook but it is a bad idea due to certain firewalls and browsers blocking referers.

Link to post
Share on other sites
Good idea. I will try that. In addition, how can I also verify the refferer using $_SERVER['HTTP_REFERER'] in my script? I'm not sure how to use it.



I'm having the same problem. I'm using a php script called afh.php (Advanced Form Handler). I've been using it for a couple of years on a number of sites and had no problem. Now a number of clients are receiving many many many (30 or more) form submissions each day, many are totally blank, and many have every field filled out with something like: dfladkfkdfj@clientsActualIPAddressInNumbers


I can't figure out how this is happening or how to stop it.


In my forms, I'm using some javascript to require certain fields, and also the <input name="required" type="hidden" value="Name,email">, but this isn't stopping blank forms from being submitted.


This script has minimal user configuration, and I don't know where to add the referrer information.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...