"Mail-to-friend" PHP based security script

Hi X-perts,

I am building a real estate site with a "mail-to-friend" feature for the selected listings. I am using a standard PHP mail function. Is it really necessary to add a security image protection to prevent automatic script emailing? I have checked a lot of similar sites and only a few of them have that kind of protection.

Are there many cases of abusing PHP mail systems?

Thank you,

dutchclan Commented:

Stay away from the standards. Like not using "email" "name" "subject" in the field names. This will be one way of protecting it. Another way is to simply write a "message" validation in which you check for "unwanted words". This is what we used and it works like a bliss. We created an array and checked the message foreach() entry in the array to see if it has a match. If it does, words like viagra etc. were used and thus the mail wasn't sent...

-Regards Chris
LindyMoff Commented:
Well... here's my guess at this -- you most likely won't have problems if you write the form yourself and you require entries that aren't "standard" so that most automated tools made to spam from websites can't be used.

However, if you're concerned that someone may specifically target your site, then CAPTCHA may be a good thing to implement.
andy7789 (Author) Commented:
Thank you both. Just two points. Even if I change typical form field names, it's easy to get them directly from the page source. Also, I use a "bad words" system, but you have to put in a lot of different combinations like vi7gra etc. I have a few Yahoo emails and receive hundreds of spam messages with masked words like the one just mentioned. Probably, an extra CAPTCHA line would be a solution.
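
The "unwanted words" array check described above, extended to tolerate masked spellings such as vi7gra, as an added example that is not code from any poster in this thread. The word list, the edit-distance threshold, the function names and the sample messages are all constructed assumptions.

```php
<?php
// Added example: blocklist check for a mail-to-friend message that also
// catches masked spellings. Word list, threshold and samples are constructed.

const BLOCKED_WORDS = ['viagra', 'casino', 'lottery'];

/** Lowercase a token and strip everything except letters and digits. */
function normalize_token(string $token): string
{
    return preg_replace('/[^a-z0-9]/', '', strtolower($token));
}

/**
 * Return the blocked word a message matches, or null if it looks clean.
 * A token matches when it is within $maxDistance single-character edits
 * of a blocked word, so "vi7gra" and "v1agra" both match "viagra".
 */
function find_blocked_word(string $message, int $maxDistance = 1): ?string
{
    $tokens = preg_split('/\s+/', $message, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($tokens as $raw) {
        $token = normalize_token($raw);
        // Short tokens give false matches; very long ones are not words
        // (and older PHP versions reject them in levenshtein()).
        if (strlen($token) < 4 || strlen($token) > 32) {
            continue;
        }
        foreach (BLOCKED_WORDS as $word) {
            if (levenshtein($token, $word) <= $maxDistance) {
                return $word;
            }
        }
    }
    return null;
}

// Constructed sample messages: one legitimate, three spam variants.
$samples = [
    'Have a look at this 3-bedroom listing near the park.',
    'Cheap viagra here',
    'Cheap vi7gra here',
    'Ch3ap v.i.a.g.r.a here',
];

foreach ($samples as $message) {
    $hit = find_blocked_word($message);
    echo ($hit === null ? 'SEND ' : "BLOCK ($hit) "), $message, PHP_EOL;
}
```

A distance of 1 keeps false positives low but still misses heavier masking, which is the limit of word lists raised in the comment above.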



> so that most automated tools made to spam from websites can't be used.
Writing a simple one-liner which uses any web form as a spam relay for a few billion mails is a matter of a few minutes; that has nothing to do with "standards" (such as common form names etc.).
You have to protect your site with something not computable. CAPTCHAs might be a good starter (even if most of them are breakable automatically too).
The true problem is that everything you come up with has a workaround. If they really want to spam peeps through your site they will. All you can humanly do is make it tough to do so. Most scripts are built to exploit the mass of it, so make sure you're not part of the mass...

Regards & good luck,

andy7789 (Author) Commented:
Thank you all. It seems that I have to find a decent CAPTCHA solution - something tight, but not impossible to read ...
Question has a verified solution.
