http://qs1969.pair.com?node_id=327513

Cody Pendant has asked for the wisdom of the Perl Monks concerning the following question:

Due to enormous amounts of spam on our public email addresses, i.e. webmaster@ourdomain.com, we're going to ask the public to communicate with us only by form.

Rather than use any kind of Matt-Wright-like solution, we're thinking we'll have a form where the recipient of the form is not visible in the source code, but only a lookup code for it.

So the form, rather than saying 

  <input type="hidden" recipient="codypendant@ourdomain.com">

[download]
will just have something like 
  <input type="hidden" recipient="12345">

[download]
and the actual email address will be looked up based on that key.

Is there any remaining security/spam issue, assuming that we also check that the form was submitted from one of our servers?

Obviously if someone goes to the trouble of spoofing our IP or domain, they can still spam me by imitating the action of the form, but apart from that, am I missing something?


($_='kkvvttuubbooppuuiiffssqqffssmmiibbddllffss')
=~y~b-v~a-z~s; print

Replies are listed 'Best First'.
Re: Security of Mail Script
by Trimbach (Curate) on Feb 09, 2004 at 00:40 UTC
    Actually, that would be: 
    <input type="hidden" name="recipient" value="12345">

    [download]
    or, if you want to obfuscate things: 
    <input type="hidden" name="cheeseburger" value="12345">

    [download]

    Gary Blackburn
    Trained Killer

[reply]
[d/l]
[select]
      <input type="hidden" name="recipient" value="12345">

      [download]

      Oops yes of course, thanks for that. My hangover is to blame.

      Also, good point about the extra obscurity.


      ($_='kkvvttuubbooppuuiiffssqqffssmmiibbddllffss')
      =~y~b-v~a-z~s; print
[reply]
[d/l]
      You hacked my cheeseburger! You *******!!!
[reply]
Re: Security of Mail Script
by Berik (Sexton) on Feb 08, 2004 at 23:12 UTC
    Yes, this is also what I am using for the new 'mailaform' script. It must be secure, unless ofcourse your database isn't secure (db password must not be readable for users). This will stop the e-mail scanners. The chance that soms spammer will try to send spam via a cgi script that is limited to only sending to one (or a few) e-mail addresses is a minimum.

    Be carefull with referer checking. This can be annoying for users who have explicitly chosen not to send the referer.
    Best bet is to check it only when it's there. Then you make the spamming only harder, less likely, but still your script is usable for everybody.

    ---
    Berik
[reply]

      It must be secure, unless ofcourse if your database isn't secure (db password must not be readable for users).

      The back end of the whole thing is a whole other thing. Our IT people will probably just want to use a .dat file in an obscurely-named folder in /cgi-bin, knowing them. As long as the script doesn't ever give a CGI::Carp type error saying it couldn't find it, that's probably secure enough anyway ... right..?


      ($_='kkvvttuubbooppuuiiffssqqffssmmiibbddllffss')
      =~y~b-v~a-z~s; print
[reply]
        On public servers, wich I'm dealing with, I can only find one good solution. You should run the script setuid to some user, and let the script then read a datafile with the passord in it. Make sure that user is the only one able to read the password file. Now the location doesn't need to be secure cause the webserver itself or any other user can't read the file. Suggestions welcome for other ways of dealing with this.
        ---
        Berik
[reply]
Re: Security of Mail Script
by florg (Friar) on Feb 09, 2004 at 02:13 UTC
[reply]
Re: Security of Mail Script
by Abigail-II (Bishop) on Feb 09, 2004 at 10:57 UTC
    Well, they can spam the recipient mentioned in the form (that is, whoever is referred to with '12345'). Now, if there's just a few of those 'keys', no spammer will bother. But if you have thousands of people in your database, and the keys can be easily guessed (for instance, because you use consecutive numbers), a spammer can use the form by just guessing keys.

    Abigail

[reply]

      Hrm, makes me think that one way of doing it might be to use a hashed value of ( the email address plus a secret key ) in order to specify the recipient. Those who want to receive mail at a specific address via the form could be given the hashed value. Although it obscures the actual destination, it's no protection against a spammer who doesn't care who's on the other end (which is, of course, the overwhelming majority of spammers).

      If not P, what? Q maybe?
      "Sidney Morgenbesser"

[reply]
Re: Security of Mail Script
by selk (Beadle) on Feb 09, 2004 at 18:18 UTC

    Hi,

    Here's how I'm doing it on my site. When a viewer clicks on a "Contact Me" link, he/she will be taken to a page with a dynamically generated GIF of some random text that he/she will have to type into a textfield. Only when the proper text has been entered, will he/she will then be redirected to a mailto URL which would automatically open his/her email client. The GIF is generated using GD. The email only appears inside the code, none in the form or html pages. Now, in my case, I only have one email address so I was just able to hard code it. You will have to modify or combine with the other schemes discussed in this thread so far to make it work with multiple addresses.

    The purpose for doing all this is so I can't be spam, and I am fairly sure that it is a person sending me an email rather than some program.

    Hope this helps.

[reply]

      Too bad they've already cracked that trick. (also at slashdot)

      If anyone needs me I'll be in the Angry Dome.
[reply]

      This will prevent the blind from sending you e-mail.

[reply]

Back to Seekers of Perl Wisdom