Solved

spam from a contact form

Posted on 2011-09-15
Last Modified: 2012-06-27
I have a few domains with contact forms. I'm trying to filter the spam I'm getting there, but I want to have the option to see the spam emails and to decide if I want to mark them as "safe again".

I currently have an interface where I see the contact emails for every domain, and I also want the option to mark an email there as spam if I want to.

Other info: I save all the email requests in a table in the db (contactRequest).

What I initially wanted to do is a function checkspam($email)
that marks an email as spam by:
1. checking if the email address was already submitted before (by checking if it's in contactRequest)
2. looking for "badwords" in the text of the email
and maybe other options.

I'm not sure what will work: just adding a spam field to the contact request, or creating a new table spam and putting all the spam emails there.

Because how could I show the spam for each domain that way, and control it by marking it as spam or not?
Question by:Nura111
26 Comments
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36546002
I'm not sure I understand the question.  I don't think it really matters how you store possible spam but my preference is to have a spam flag.

Your plan generally looks good.  

You might also want to grab the IP address of the sender.  If the same IP address keeps filling out your form with spam, perhaps it's time to put all spam from that IP into the spam folder.
0
 

Author Comment

by:Nura111
ID: 36546055
By spam folder, do you mean a table in the db?
My problem is that I'm confused about how to implement the fact that I want to be able to choose an email as spam or choose it again as not spam. Would I keep a different spam table for each domain? Most of the spam is repeating for all of them. And the logic is not working in my head: if I'm checking to see if an email was already submitted from that address and I decide that it is spam, so I flag it as spam, then if I'm getting the same email from a different domain it will still be recognized as spam. But what if I want to unflag it as spam from domain A? Does that mean I need to unflag all the other spam from the same email as well?
0
 
LVL 12

Expert Comment

by:jet-black
ID: 36546161
Hi Nura111,

Do you use a captcha on your contact form?
You can create a one-time password and save it to your session. Then add its encrypted value to your contact form as a hidden input. After the form submission, first decode the value from the hidden input and compare it with the value you saved to the session. If they are equal, proceed to sending the email.
0
 

Author Comment

by:Nura111
ID: 36546172
Most of my spam emails are not from bots. I just want to have the option to flag an email as spam and then unflag it if it's not spam, kind of like in regular mail (hotmail, gmail),
but I'm confused about how to do it.
0
 

Author Comment

by:Nura111
ID: 36546206
Hi hmccurdy: when I'm checking $ip = $_SERVER['REMOTE_ADDR'], is it my web host's IP address?
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36546226
Yes, my bad.  "...time to put mark all forms from the IP as spam."

It looks like you want to automatically identify as spam any e-mail that has the same content as another e-mail?  For instance, if you get 10 emails all that say "buy penny stocks from..." then you want to mark all 10 as spam.  Right?

I would keep one copy of that as a record in a "spam 'signature' file."  I wouldn't keep domains in there since an offer to buy penny stocks is likely spam and it doesn't matter where it comes from.

I would still keep my e-mail, including the original spam e-mails, in the same table.  When you examine spam, you can mark it as not-spam or (perhaps) delete it forever.  Before you deleted it, you'd want to make sure one copy of the content (body of the e-mail) is in the "spam signature" file.

Am I making any sense and did I bring you any closer to an answer?  I'm not sure that I have.

0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36546241
Nura, that should be the remote host address.  You might want to visit

http://php.net/manual/en/reserved.variables.server.php   for a more complete list.
0
 
LVL 12

Accepted Solution

by:
jet-black earned 250 total points
ID: 36546247
You can combine the whitelist and blacklist approaches for that.

Here is the idea:

By default, all email addresses will be not trusted.
When your contact form gets the data with the POST method, first check if the email address exists in the "trusted email addresses" table. If it exists, just save it. If it does not, check if that email address exists in the "blacklist" table. If it exists, do not save it. If it doesn't exist in the blacklist nor the whitelist, save and mark it as spam.

Also, check the email address and time(). You can automatically reject repeating requests from the same IP within the time period you set (e.g. min. 60 seconds).
0
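The whitelist/blacklist flow from the accepted answer, together with its repeat-request check, as an added example that is not part of jet-black's post. The trusted_email and blacklist tables, the is_spam, ip and created columns and the handle_contact() function are assumptions (contactRequest is the asker's table), and it uses an in-memory SQLite database through PDO so that it runs on its own.

```php
<?php
// Added example, not code from the thread. Table names other than
// contactRequest, and all sample rows, are constructed assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE trusted_email (email TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE blacklist (email TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE contactRequest (id INTEGER PRIMARY KEY, domain TEXT,
    email TEXT, ip TEXT, body TEXT, is_spam INTEGER, created INTEGER)');

function listed(PDO $db, string $table, string $email): bool
{
    // $table is a fixed name supplied by this script, never user input.
    $st = $db->prepare("SELECT 1 FROM $table WHERE email = ?");
    $st->execute([$email]);
    return $st->fetchColumn() !== false;
}

// Returns 'rejected', 'saved' (trusted sender) or 'held' (stored, is_spam = 1).
function handle_contact(PDO $db, string $domain, string $email, string $ip,
                        string $body, int $now, int $minGap = 60): string
{
    $email = strtolower(trim($email));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'rejected';
    }
    // Repeat requests from the same IP inside the time window are dropped.
    $st = $db->prepare('SELECT MAX(created) FROM contactRequest WHERE ip = ?');
    $st->execute([$ip]);
    $last = $st->fetchColumn();
    if ($last !== null && $last !== false && $now - (int)$last < $minGap) {
        return 'rejected';
    }
    $trusted = listed($db, 'trusted_email', $email);
    if (!$trusted && listed($db, 'blacklist', $email)) {
        return 'rejected';
    }
    $ins = $db->prepare('INSERT INTO contactRequest
        (domain, email, ip, body, is_spam, created) VALUES (?, ?, ?, ?, ?, ?)');
    $ins->execute([$domain, $email, $ip, $body, $trusted ? 0 : 1, $now]);
    return $trusted ? 'saved' : 'held';
}

// Constructed sample data and submissions.
$db->exec("INSERT INTO trusted_email VALUES ('alice@example.com')");
$db->exec("INSERT INTO blacklist VALUES ('spam@example.net')");
$t = 1316100000;
foreach ([
    ['a.example', 'alice@example.com', '192.0.2.10', $t],
    ['a.example', 'bob@example.org',   '192.0.2.10', $t + 5],
    ['b.example', 'bob@example.org',   '192.0.2.11', $t + 5],
    ['b.example', 'spam@example.net',  '192.0.2.12', $t + 5],
] as [$domain, $email, $ip, $when]) {
    echo $email, ' -> ', handle_contact($db, $domain, $email, $ip, 'Hello', $when), "\n";
}
```

In a real form handler, $_SERVER['REMOTE_ADDR'] would be passed as $ip and time() as $now.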
 

Author Comment

by:Nura111
ID: 36546269
Yes, it helps, but I still have a problem.

"I would still keep my e-mail, including the original spam e-mails, in the same table.  When you examine spam, you can mark it as not-spam or (perhaps) delete it forever.  Before you deleted it, you'd want to make sure one copy of the content (body of the e-mail) is in the "spam signature" file."

The problem is that the same table that is storing the emails and spam emails (let's say with a spam field that is 0 or 1) is for all the domains together. So does it make sense that if we mark one email that one domain received as spam, I will mark it in all locations as spam, and if we want to unflag it as spam, the same the other way around?

And the other problem is that I wanted to flag an email as spam also if there was already an email sent from the same address, but that is causing me a problem, because if I unflag it as spam it will keep marking it as spam the next time I get this email.
I think I'm just confusing myself..
0
 

Author Comment

by:Nura111
ID: 36546283
jet-black: I don't get it. I already have a table full of email addresses that weren't filtered and I need to add on to it.
0
 

Author Comment

by:Nura111
ID: 36546502
OK, so I think I will create a blacklist and for now only move there emails that were marked as spam manually, and then check every new email to see if it is in the blacklist to mark it as spam.

If anyone has an idea, with this logic, on how to add an option to perform other checks such as bad keywords and how to add it, I will be happy to hear it. I guess my brain doesn't work so good today..
Thank you.
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36546887
I think my advice will rest on what skills you have.  Can you write in PHP or ASP?

This seems like a simple issue to me in PHP.  I would use a form to collect search information.  One feature of the form would be to ask for the next unchecked message marked as spam.  (Then I could walk through them interactively).

The "magic" I would do is if you selected an e-mail as non spam, you could also tell the script to find the "spam signature" in the spam signature table and have it removed too.

That's generally how I propose solving the problem.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36548975
$_SERVER['REMOTE_ADDR'] will (usually) contain the IP address of the client computer.  It is external data, but it is somewhat difficult to spoof.

Almost any CAPTCHA test, no matter how simple, is sufficient to keep the 'bots away.  Here is how I do it.  HTH, ~Ray
<?php // RAY_captcha_image.php
error_reporting(E_ALL ^ E_NOTICE);


// GENERATES A PICTURE OF A NUMBER INTO THE BROWSER OUTPUT


// DECODE THE INCOMING STRING
$data = base64_decode($_GET['dt']);

// CREATE AN IMAGE RESOURCE - CHOOSE THE SIZE THAT BEST MATCHES YOUR PAGE STYLE
$im = imagecreate(46,13);

// WHITE BACKGROUND
$bg = imagecolorallocate($im, 255,255,255);

// GRAY STRIPES
$gray = imagecolorallocate($im, 188,188,188);

// FIREBRICK TEXT
$text = imagecolorallocate($im, 178,34,34);

// ADD THE NUMBER TO THE IMAGE
imagestring($im,5,4,0,$data,$text);

// WRITE A GRAY STRIPE (OR MORE IF YOU CHOOSE)
imageline($im,4,12,38,0,$gray);

// SEND THE IMAGE INTO THE BROWSER OUTPUT STREAM
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);


<?php // RAY_captcha_in_action.php
error_reporting(E_ALL);

// IF ANYTHING WAS POSTED
if (!empty($_POST))
{
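    // TEST THE STRINGS - STRICT COMPARISON, BECAUSE != COMPARES TWO "0e<digits>" HASHES AS NUMBERS
    if (!isset($_POST["_newMd5"], $_POST["_newCode"])
        || !is_string($_POST["_newMd5"]) || !is_string($_POST["_newCode"])
        || $_POST["_newMd5"] !== md5($_POST["_newCode"]))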
    {
        // MIGHT WANT TO MAKE THIS USER-FRIENDLY
        echo 'SECURITY CODE NUMBER DID NOT MATCH';
    }
    else
    {
        echo "SUCCESS!";
    }
}
// END OF PHP - PUT UP THE FORM
?>
<form method="post">
<!-- STYLE THIS TO SUIT YOUR PAGE STYLE -->
Type <img style="display:inline;" src="RAY_captcha_image.php?dt=<?php $x = mt_rand(1000,10000); echo base64_encode($x); ?>" /> here:
<input name="_newCode" type="text"   maxlength="64" size="6" autocomplete="off" />
<input name="_newMd5"  type="hidden" value="<?php echo md5($x); ?>" />
<input type="submit" />
</form>


0
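jet-black's earlier suggestion was to save the one-time value in the session. The following added example (not code from any poster in this thread; the function names and the 'captcha' session key are assumptions) keeps the expected code on the server only, so the form needs no hidden hash field and the image script would read the code from the session instead of the URL.

```php
<?php
// Added example, not Ray's or jet-black's code. Function names and the
// 'captcha' session key are assumptions. Requires PHP 7+ for random_int().

// Create a code and remember it server-side only. The image script would
// draw $session['captcha']['code'] rather than a value taken from $_GET.
function captcha_issue(array &$session, int $now): string
{
    $code = (string) random_int(1000, 9999);
    $session['captcha'] = ['code' => $code, 'issued' => $now, 'tries' => 0];
    return $code;
}

// Check a submitted value: it expires, allows few retries, and is single use.
function captcha_verify(array &$session, $input, int $now,
                        int $ttl = 600, int $maxTries = 3): bool
{
    $c = $session['captcha'] ?? null;
    if (!is_array($c) || !is_string($input)) {
        return false;
    }
    if ($now - $c['issued'] > $ttl || $c['tries'] >= $maxTries) {
        unset($session['captcha']);      // stale or exhausted: a new code is needed
        return false;
    }
    $session['captcha']['tries']++;
    if (!hash_equals($c['code'], trim($input))) {
        return false;
    }
    unset($session['captcha']);          // a solved code cannot be submitted again
    return true;
}

// Constructed run, with a plain array standing in for $_SESSION.
$session = [];
$code = captcha_issue($session, 1000);
var_dump(captcha_verify($session, 'abcd', 1001));  // wrong value
var_dump(captcha_verify($session, $code, 1002));   // correct value
var_dump(captcha_verify($session, $code, 1003));   // same value sent a second time
```

In a page, call session_start() first and pass $_SESSION and time() in place of the sample array and timestamps.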

 

Author Comment

by:Nura111
ID: 36561624
Hi Ray, the thing is, as I mentioned, the problem is with real users and not bots.
hmccurdy: it's PHP that I'm using. I didn't really understand
 
" I would use a form to collect search information.  One feature of the form would be to ask for the next unchecked message marked as spam.  (Then I could walk through them interactively)."

What does that mean? What search information are you referring to?

Thank you.
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36561923
It appears from that last post that you don't know PHP.  Did you want to learn PHP at some point?
If you do, do you already know any programming languages?  (I'll give you advice about this if you want it.  Otherwise time for me to shut up and let Ray do the heavy lifting.)
0
 

Author Comment

by:Nura111
ID: 36562221
? I'm a beginner in PHP; I did write other things in PHP before..
I just don't understand what you meant logically; it's not about PHP..
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36562752
Did I or someone else say "logically its not about php..?"

My form comment is that I would use an XHTML form to collect search data.  Then I'd process it with PHP which would then do the SQL (right?) inquiry.  Then you'd get a new, populated form where you could decide if the contents are spam or not.  Check or uncheck a box and submit it.  Another or the same PHP program (depending on your style) would process it and then put you back at the form to collect search data again.

Search data could include a message ID, a sender's e-mail, sender's IP address or if the record is marked as spam or not.  (The idea is that you could walk through all your spam to see if it is.  Or you could walk through all messages from a specific address (or domain) or IP address to review them too).

I fear I'm not making enough sense.
0
 

Author Comment

by:Nura111
ID: 36562860
You are making sense, but I needed help in deciding which email is spam. I already have the forms that collect the data and I'm saving them in the contactRequest table, as I mentioned in the question.

I needed help deciding how to create the spam filter, and as I wrote:
"OK, so I think I will create a blacklist and for now only move there emails that were marked as spam manually, and then check every new email to see if it is in the blacklist to mark it as spam.

If anyone has an idea, with this logic, on how to add an option to perform other checks such as bad keywords I can find.


Thank you for the help. If you can just tell me how to
get the specific address (or domain) or IP address in PHP, that would be great!

th
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36562999
The IP addresses are in the email headers.  You would use various PHP string manipulation functions to tease the headers apart and extract the addresses.

I do not understand the part of the question about the domain name.  Do you mean (for example) that if my email address is something @ Gmail.com you want to find the Gmail part?

Here is what an email header looks like.
Delivered-To: ray.paseur@gmail.com
Received: by 10.216.186.65 with SMTP id v43cs25978wem;
        Mon, 19 Sep 2011 10:06:49 -0700 (PDT)
Received: by 10.68.10.65 with SMTP id g1mr4450788pbb.421.1316452008320;
        Mon, 19 Sep 2011 10:06:48 -0700 (PDT)
Return-Path: <noreply@experts-exchange.com>
Received: from www4.experts-exchange.com (www4.experts-exchange.com. [64.156.132.144])
        by mx.google.com with ESMTPS id t3si12747148pbf.128.2011.09.19.10.06.47
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 19 Sep 2011 10:06:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@experts-exchange.com designates 64.156.132.144 as permitted sender) client-ip=64.156.132.144;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of noreply@experts-exchange.com designates 64.156.132.144 as permitted sender) smtp.mail=noreply@experts-exchange.com
Received: from www4.experts-exchange.com (localhost [127.0.0.1])
	by www4.experts-exchange.com (8.14.4/8.14.4) with ESMTP id p8JH6lwT043147
	for <Ray.Paseur@Gmail.com>; Mon, 19 Sep 2011 10:06:47 -0700 (PDT)
	(envelope-from noreply@experts-exchange.com)
Date: Mon, 19 Sep 2011 10:06:47 -0700 (PDT)
From: Experts Exchange <noreply@experts-exchange.com>
To: Ray.Paseur@Gmail.com
Message-ID: <296258798.11767.1316452007187.JavaMail.ee@www4.experts-exchange.com>
Subject: Author Comment Added: spam from a contact form
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Mailer: Experts Exchange


0
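One way to tease the addresses out of the Received fields with PHP string functions, as an added example that is not Ray's code; received_ips() is a hypothetical helper and the sample is copied from the header shown above. Received fields written before a message reached a mail server you trust are supplied by the sender, so only the hops stamped by your own servers are reliable.

```php
<?php
// Added example, not Ray's code; received_ips() is a hypothetical helper.
// Returns the IP addresses named in Received: fields, newest hop first.
function received_ips(string $rawHeaders): array
{
    // Unfold: a line that starts with a space or tab continues the field above.
    $unfolded = preg_replace('/\r?\n[ \t]+/', ' ', $rawHeaders);
    $found = [];
    foreach (preg_split('/\r?\n/', $unfolded) as $line) {
        if (stripos($line, 'Received:') !== 0) {
            continue;                    // this also skips Received-SPF:
        }
        // "[64.156.132.144]" address literals and "by 10.68.10.65 " hops.
        preg_match_all('/\[([0-9a-fA-F:.]+)\]|\bby ([0-9.]+)\s/', $line, $hits, PREG_SET_ORDER);
        foreach ($hits as $hit) {
            $ip = $hit[1] !== '' ? $hit[1] : $hit[2];
            if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
                continue;
            }
            // Private (10.x, 192.168.x, ...) and reserved (127.x, ...) ranges
            // identify internal relays, not the sending network.
            $public = filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
            $found[] = ['ip' => $ip, 'public' => $public];
        }
    }
    return $found;
}

// Fields copied from the header shown above.
$headers = <<<'EOT'
Delivered-To: ray.paseur@gmail.com
Received: by 10.216.186.65 with SMTP id v43cs25978wem;
        Mon, 19 Sep 2011 10:06:49 -0700 (PDT)
Received: from www4.experts-exchange.com (www4.experts-exchange.com. [64.156.132.144])
        by mx.google.com with ESMTPS id t3si12747148pbf.128.2011.09.19.10.06.47
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 19 Sep 2011 10:06:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@experts-exchange.com designates 64.156.132.144 as permitted sender) client-ip=64.156.132.144;
Received: from www4.experts-exchange.com (localhost [127.0.0.1])
        by www4.experts-exchange.com (8.14.4/8.14.4) with ESMTP id p8JH6lwT043147
EOT;

foreach (received_ips($headers) as $hop) {
    echo $hop['ip'], $hop['public'] ? " public\n" : " private/reserved\n";
}
```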
 

Author Comment

by:Nura111
ID: 36563037
Thank you Ray ignore the other part about the address.
0
 

Author Comment

by:Nura111
ID: 36563053
Oh, but I get the email address in a contact form... how can I get the IP address then?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36563361
How can you get what IP address?  The IP address of the client machine is usually in $_SERVER["REMOTE_ADDR"] but this may not be the same address that sends the email.  Email is pretty complicated - multiple hops between relay mailers, etc.  It follows many of the same paths as the HTTP protocols, but the hops in the WWW are essentially invisible to you.
0
 

Author Comment

by:Nura111
ID: 36563388
There is a website; the user of the website is filling in a contact form and the form is handled in a PHP script (let's call it contactForm.php). So if I'm in the contactForm script, can I use $_SERVER["REMOTE_ADDR"] to get the IP address of the person who filled in the contact form??
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36563418
Yes, that will usually be set correctly.  It may not be useful information, though.  For one thing, all the clients at many companies use a corporate intranet that connects to the "real world" through a single IP address, or a small handful of IP addresses.  And there are the dial-up clients who may get a different IP address every time they connect.  And there are the IP addresses of places like Starbucks and Panera Bread.  Networks in hotels, airports, etc.  It could be a point of confusion.  Why would you care what my IP address might be?
0
 

Author Comment

by:Nura111
ID: 36563437
"Why would you care what my IP address might be?" What do you mean?
I'm just following the advice from a previous note:

You might also want to grab the IP address of the sender.  If the same IP address keeps filling out your form with spam, perhaps it's time to put all spam from that IP into the spam folder.


0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 36563491
OK, that makes sense to me.  But really, there are two kinds of spam.  One is the automated spam, the other is the kind of annoying stuff that an obnoxious kid might post to your pages.  CAPTCHA will take care of the first kind.  Moderation (or even better, requiring someone to login before they can post) will take care of the second.
0
