On my site I have people advertising villas and suchlike. If someone comes to my site and wants to contact the villa owner for more info, they fill out a form, whose information is then sent via the PHP mail function. The problem is, recently there have been a lot of those typical Nigerian scams being sent, whereby someone contacts them offering so much money to stay at their villa but for whatever reason can only pay with a huge sum of money, a large % of which they wish to be refunded upon acceptance. I want to try and stop this happening but I don't know how - I wouldn't have thought restricting IPs would work (even if it did I wouldn't know how). I thought about looking for common elements in all the messages and not sending those that appear dodgy, but of course that is far from foolproof and may even stop some genuine messages going through. I also considered just having the receiver's email address on the page, but of course that is then likely to be spammed. My final thought was to have all emails come via one of our email addresses first and be manually checked before sending them on, but that is way too labour intensive. I'm sure there are a lot of sites that function in a similar way but I just don't know how they would get rid of these scammers for good. Any suggestions?
You can sanitize the input by making sure there are not any carriage returns in the input fields (reject them if there are).
Thanks for the quick reply... I'm not sure I follow, how would that eliminate these types of enquiries only?
If it is manual spam (doubt it is) you can't stop it. Else it's a bot. Have a small image appear, and have the customer type in the text in the image. The computer can't read this, and it stops any spam bots.
If someone or a bot is pasting their scam letter, it was probably typed up in a program that adds line endings (\n or \r). If someone types in a textarea on your site, there are no line endings. Image verification would also be a good idea.
Ah I see, so I can search for '\n' or '\r' anywhere in the message... I guess that combined with an image verification (they are easy to find, I presume) could cut a lot if not all of them out... Cheers for your help guys.
Actually, \r is the carriage return; Windows uses a carriage return followed by a line feed \n to denote the end of a line (\r\n). I'd just look for a \r, decimal code 13.
The best solution is to include some help messages in the email you send. Something to explain about what scams to look out for and a link to your site for more information. Maybe include a page on your site with screenshots of the scam emails with the word 'Scam' stamped across in red letters. Educating your users is better than trying to block the spam unless there is a foolproof way of stopping it.
Although there are some things you can do to reduce spam, you've mentioned something very important, mad4. You could just include something like this at the top of any message sent from the contact form:

********************************************
This message has been sent automatically from the contact form on your property listing at TipTopVillas.com
While it is most likely an inquiry from a prospective renter, TipTopVillas.com has no control over who can use the form. If this is an unwanted SPAM please ignore it.
********************************************
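
Two of the suggestions in this thread, rejecting carriage returns in the form fields and putting a notice at the top of every message, combined in PHP. This is an added example, not code posted by anyone in the thread; the field names (name, email, message), the noreply@example.com sender and the function names are assumptions. It applies the carriage-return rejection to the single-line fields and leaves line breaks in the message body alone.

```php
<?php
// Added example. Field names, sender address and function names are assumptions.
const NOTICE = <<<TXT
********************************************
This message has been sent automatically from the contact form on your
property listing at TipTopVillas.com
While it is most likely an inquiry from a prospective renter,
TipTopVillas.com has no control over who can use the form.
If this is an unwanted SPAM please ignore it.
********************************************
TXT;

// True if the value contains a carriage return (decimal 13) or a line feed.
function has_line_break(string $value): bool
{
    return strpbrk($value, "\r\n") !== false;
}

// Returns [to, subject, body, headers] ready for mail(), or null to reject.
function build_enquiry(array $post, string $ownerEmail): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));

    // Single-line fields must never contain CR or LF: reject, do not strip.
    if ($name === '' || has_line_break($name) || has_line_break($email)) {
        return null;
    }
    if ($message === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Visitor text goes only into the body, below the notice. A multi-line
    // message legitimately contains line breaks, so it is not rejected here.
    $body = NOTICE . "\n\nFrom: $name <$email>\n\n" . $message;

    // Headers are fixed strings plus the validated address, nothing else.
    $headers = "From: noreply@example.com\r\nReply-To: $email";

    return [$ownerEmail, 'Enquiry about your property listing', $body, $headers];
}

// Constructed sample submissions; nothing is sent here.
$ok  = build_enquiry(['name' => 'Ann', 'email' => 'ann@example.com',
    'message' => "Is the villa free in June?\r\nThanks"], 'owner@example.com');
$bad = build_enquiry(['name' => "Ann\r\nsecond line", 'email' => 'ann@example.com',
    'message' => 'Hi'], 'owner@example.com');
var_dump($ok !== null, $bad === null);
```

A non-null result can be passed straight to `mail(...$result)`; an image verification check, as suggested above, would run before `build_enquiry()` is called.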