Spamming form on my site

Jon12345 · 12 Sep 2006 at 10:00

I have a simple PHP form on my website at http://www.access-programmers.co.uk/contact2/contact.htm

Some spammer is using that form - I believe - to send out loads of emails. How do I know this? Well, I keep getting these bounced messages:

Code:

Mailbot
DSN: failed (Access World enquiry)

This is a Delivery Status Notification (DSN).

I was unable to deliver your message to
[email protected].

I said
  RCPT TO:<[email protected]>

And they gave me the error;
  554 Sorry, no mailbox here by that name. (#5.1.1)

How do I stop this? It is driving me nuts!

The_KiD · 12 Sep 2006 at 10:35

Who uses the form?

Just you? stick a password on it!

Also those emails you are getting could just be spam. We get loads saying "unable to deliver your mail to XYZ" and all it is is someone spoofing your domain name.

They send an email to one person, make it look like it came from your domain and when it is rejected the mail bounces to you.

Jon12345 · 12 Sep 2006 at 11:45

Well, I am also getting this email back which is basically the result of them filling in my enquiry form.

Name: OpaqueNiteIdiot
Position: http://usa-credit-cards.atspace.com/index.html
Company: The Sunset and the Apprentice
Phone: 13131564
Email: [email protected]
Source:
Country:
Type of project:
Notes: Your sites design is really tremendous. Nice work.
http://usa-credit-cards.atspace.com/index.html
<a href=\'http://usa-credit-cards.atspace.com/index.html\'>http://usa-credit-cards.atspace.com/index.html</a>
http://usa-credit-cards.atspace.com/index.html

The_KiD · 12 Sep 2006 at 11:50

Is it possible to password the form or put a .htaccess file on it?

CoXeY · 12 Sep 2006 at 13:11

Does the form deliver a confirmation email to who ever submits the form? Or do the form details just get emailed straight to the intended recipient?

A couple of our forms sent an email to both the submitter and the intended recipient so we disabled the thanks email to the submitter in place of a simple thank you page. This means that only we receive the emails if a SPAM bot decides to swing by our form...

Dan.

Una · 12 Sep 2006 at 13:15

To be honest you should use CAPTCHA, that will cut down on a lot of the automated spamming unless you have a problem with the form code, and then it won't make any difference.

Jonny69 · 12 Sep 2006 at 13:58

There seems to be a lot of that going on at the moment. Check who the bounces are being sent to and you might well find that its a random name @ your domain.com. Turning off the catch-all will stop you receiving them.

Someone on the Networks/Connectivity forum said it's bad practice for the other party to be bouncing the mails around.

Jon12345 · 12 Sep 2006 at 14:42

I am using my ISP's email and there are no spam or email options on there at all.

I have deleted the Thank You page so the code is still not there anymore. But I am still getting the emails.

Do you think they have taken the relevant details and put it into an application to spam me or something? e.g. taken my email address and required fields.

Spamming form on my site

More options

Jon12345

Jon12345

The_KiD

The_KiD

Jon12345

Jon12345

The_KiD

The_KiD

CoXeY

CoXeY

Una

Una

Jonny69

Jonny69

Man of Honour

Jon12345

Jon12345