Cody Pendant has asked for the wisdom of the Perl Monks concerning the following question:
Due to enormous amounts of spam on our public email addresses, i.e. webmaster@ourdomain.com, we're going to ask the public to communicate with us only by form.
Rather than use any kind of Matt-Wright-like solution, we're thinking we'll have a form where the recipient of the form is not visible in the source code, but only a lookup code for it.
So the form, rather than saying
will just have something like<input type="hidden" recipient="codypendant@ourdomain.com">
and the actual email address will be looked up based on that key.<input type="hidden" recipient="12345">
Is there any remaining security/spam issue, assuming that we also check that the form was submitted from one of our servers?
Obviously if someone goes to the trouble of spoofing our IP or domain, they can still spam me by imitating the action of the form, but apart from that, am I missing something?
($_='kkvvttuubbooppuuiiffssqqffssmmiibbddllffss')
=~y~b-v~a-z~s; print
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Security of Mail Script
by Trimbach (Curate) on Feb 09, 2004 at 00:40 UTC | |
by Cody Pendant (Prior) on Feb 09, 2004 at 01:46 UTC | |
by flyingmoose (Priest) on Feb 09, 2004 at 02:43 UTC | |
Re: Security of Mail Script
by Berik (Sexton) on Feb 08, 2004 at 23:12 UTC | |
by Cody Pendant (Prior) on Feb 09, 2004 at 01:50 UTC | |
by Berik (Sexton) on Feb 09, 2004 at 02:13 UTC | |
Re: Security of Mail Script
by florg (Friar) on Feb 09, 2004 at 02:13 UTC | |
Re: Security of Mail Script
by Abigail-II (Bishop) on Feb 09, 2004 at 10:57 UTC | |
by arturo (Vicar) on Feb 09, 2004 at 15:56 UTC | |
Re: Security of Mail Script
by selk (Beadle) on Feb 09, 2004 at 18:18 UTC | |
by idsfa (Vicar) on Feb 09, 2004 at 19:44 UTC | |
by bunnyman (Hermit) on Feb 09, 2004 at 20:12 UTC |
Back to
Seekers of Perl Wisdom