Avoiding spam sending emails from a web

Question

1.50/5 (2 votes)

See more:

Hello all,

I'm thinking on a contact page in a brand new web page I'm programming in PHP.

The idea of putting a mail address there is scary as the spam bots will celebrate it...

I'm thinking about using a PHP variable to set the mail address and then use the variable on the call to the mail function, but...

Will this help at all?

Is there any method that covers the mail address without using javascript or any other scripting language?

I would like to use HTML and PHP only...

Thank you all!

What I have tried:

Still nothing, I'm just thinking on the method to achieve that...

Posted 3-Apr-16 4:54am

Joan M

Updated 4-Apr-16 4:19am

Add a Solution

Comments

Sergey Alexandrovich Kryukov 3-Apr-16 11:07am

Not clear at all. Yes, a contact page is dangerous, and malicious exploits on an unprotected mail-sending code are very easy. I collected on from real life, can share with you.
It's not clear what scenario are you afraid of? Do you mean that you are afraid of exposing a mail address on your page, the one uses to send a contact form to you. Think a bit and you will understand that you never have to do it anywhere.

Now, who is talking about JavaScript? Don't even think and play with the idea of using client-side scripting for protecting of anything at all. Client side script is, well, already on client side, anyone who even remotely understand how it works can work-around all your client-side scripts in no time.

—SA

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Jochen Arndt · Accepted Answer · 2016-04-04T03:53:00

When you use some kind of mail script on your server, the address is hidden from visitors. They will only see the input form but not the mail address.

But web sites usually require an About page with contact information including the mail address (depending on the country; in the EC at least for commercial sites). Even if not required and providing a mail form, providing an address is good style to allow readers to contact you (depending on the content of your page).

You should also not obfuscate the address using an image. This can't be processed by text to speech systems used by visually impaired visitors.

You have to live with address harvesters. Even a mail form will not protect you from spam when using the form itself (there are bots looking for mail form links on your page).

W∴ Balboos, *GHB* · Accepted Answer · 2016-04-04T04:19:00

Solution 2

I handle this by having a fill-in form. When it's submitted, it sends the fields back to the server (php page) which uses the data to create SMTP mail. This is sent from the server and there's no trace of it on the client side. Actually, you can just save the data, as is, and skip the mailing altogether if that's consistent with your needs.

FWIW, many sites that use this type of scenario also have a check to see if you're a live person. Like captcha, for example, or more recently, a 3x3 array of images and you're asked to select images with a certain feature. Be the method you choose what it may be, you can protect your email from screen scraping by just not having an email address on the page. I'd only go as far as testing for a living being if I started to have problems.

Posted 4-Apr-16 4:19am

W∴ Balboos, GHB

Comments

Joan M 4-Apr-16 10:28am

So, if I use a form and php to send the email I should not worry at all?

This was a written and not hidden mail address, but it is on the php server side...

W∴ Balboos, GHB 4-Apr-16 10:35am

The only 'risk' is if you send your mail with your address to someone who'll use it for spamming (or their mail gets hacked). What happens on the server side stays on the server side, unless you send give it out. That's taken care of, potentially, by having a black-hole for a return address (do-not-reply thing) and if they want to follow it up, have a link to your (php) page and you can pre-fill the form with whatever you want and let them add further comments and submit it again. If you really handle this well, you can have a subject selection of some sort and send it to various email address per, for example, a switch in your server-side php. Your email address should only be visible to your server-side php.

Joan M 4-Apr-16 10:40am

That sounds really nice then, of course infected receivers can be a problem, and of courser once the domain is out in the wild there can be problems, but at least having the e-mail address inside the PHP code block will protect it from unwanted eyes.
Thank you for your comments!