Re: (spam)secure mailform

Bob Smith wrote:
> Jerry Stuckle wrote:
>
>
>
> Well, that is not 100%...for example a script can easily send the
> destination=whatever simply in a get command with telnet or custom script
> that connects to port and host and gets/posts the form.

Nope. Because the destination is not taken from the form. Only a key to a list
of predefined destinations is in the script.

For instance - they could say "destination=1" which might send to customer
service. But they could not say "destination=youvegotspam@example.com" because
that will not be found.

> there are a couple of things you might want to do to make it harder for the
> spammers:
> 1)set a cookie with timestamp + host + ip + browser ( etc...) and check teh
> existence and validate the cookie upon script run
> 2)check the cookie of the one requesting the form in the first place and
> save that in the cookie, if no cookie when the script submission is carried
> out:or error arguments in it:spammer
> Greger

Cookies can be falsified, and it doesn't take a lot of looking to figure out
what you use in a cookie. Additionally, this method doesn't work if the client
has cookies turned off.

Depending on cookies is NOT secure - and can be aggravating to valid users.

-- 
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================