Nura111
asked on
spam from a contact form
I have a few domains that with contact form Im trying to filter the spam im getting there> but I want to have the option see the spam emails and to decide if I want to mark them as "safe again"
I currently have an interface that i see the contact emails for every domain and I also want the option to mark it there as spam if I want to.
other info: I save all the emails request in a table in the db (contactRequest)
what I initaillt wanted to do is a function checkspam($email)
that mark email as spam by
1 check if the email address is already submitted before (by checking if its in contactRequest)
2. looking for "badwords" in the text of the email
and maybe other option
Im not sure what will work if just to add a spam field to the contact request or create a new table spam and put all the spam emails there.
because how could I show that way the spam each domain and control it by mark it as spam or not ?
I currently have an interface that i see the contact emails for every domain and I also want the option to mark it there as spam if I want to.
other info: I save all the emails request in a table in the db (contactRequest)
what I initaillt wanted to do is a function checkspam($email)
that mark email as spam by
1 check if the email address is already submitted before (by checking if its in contactRequest)
2. looking for "badwords" in the text of the email
and maybe other option
Im not sure what will work if just to add a spam field to the contact request or create a new table spam and put all the spam emails there.
because how could I show that way the spam each domain and control it by mark it as spam or not ?
ASKER
by spam folder you mean in a table in the db?
my problem is that im confused with how to implement the fact that I want to be able to could chose an email as spam or chose it again as not spam would I keep a diffrent spam table for each domain? most of the dpam are reapting for all of them. and the logic is not working in my head if im checking to see if an email was already sumbitted from that adress and I decide that is spam so I flag it as spam than if Im getting the same email from a different domain it will still reconsize as spam but what if I want to unflag it as spam from domain a does that mean I need to unflag all the other spam form the same email as well?
my problem is that im confused with how to implement the fact that I want to be able to could chose an email as spam or chose it again as not spam would I keep a diffrent spam table for each domain? most of the dpam are reapting for all of them. and the logic is not working in my head if im checking to see if an email was already sumbitted from that adress and I decide that is spam so I flag it as spam than if Im getting the same email from a different domain it will still reconsize as spam but what if I want to unflag it as spam from domain a does that mean I need to unflag all the other spam form the same email as well?
Hi Nura111,
Do you use captcha to your contact form?
You can create a one time password and save it to your session. Then add its encrypted value to your contact form as a hidden input. After the form submission, first decode the value from the hidden input and compare it with the value you saved to session. If they are equal, advance sending email.
Do you use captcha to your contact form?
You can create a one time password and save it to your session. Then add its encrypted value to your contact form as a hidden input. After the form submission, first decode the value from the hidden input and compare it with the value you saved to session. If they are equal, advance sending email.
ASKER
most of my spam emails are not from bot I just want to have the option to flag an email as spam and than unflag it if its not spam kind of like in a regular mail (hotmail,gmail)
but im confuse in how to do it
but im confuse in how to do it
ASKER
HI hmccurdy : when im checking $ip = $_SERVER['REMOTE_ADDR'] is it my web host ip adress?
Yes, my bad. "...time to put mark all forms from the IP as spam."
It looks like you want to automatically identify as spam any e-mail that has the same content as another e-mail? For instance, if you get 10 emails all that say "buy penny stocks from..." then you want to mark all 10 as spam. Right?
I would keep one copy of that as a record in a "spam 'signature' file." I wouldn't keep domains in there since an offer to buy penny stocks is likely spam and it doesn't matter where it comes from.
I would still keep my e-mail, including the original spam e-mails, in the same table. When you examine spam, you can mark it as not-spam or (perhaps) delete it forever. Before you deleted it, you'd want to make sure one copy of the content (body of the e-mail) is in the "spam signature" file.
Am I making any sense and did I bring you any closer to an answer? I'm not sure that I have.
It looks like you want to automatically identify as spam any e-mail that has the same content as another e-mail? For instance, if you get 10 emails all that say "buy penny stocks from..." then you want to mark all 10 as spam. Right?
I would keep one copy of that as a record in a "spam 'signature' file." I wouldn't keep domains in there since an offer to buy penny stocks is likely spam and it doesn't matter where it comes from.
I would still keep my e-mail, including the original spam e-mails, in the same table. When you examine spam, you can mark it as not-spam or (perhaps) delete it forever. Before you deleted it, you'd want to make sure one copy of the content (body of the e-mail) is in the "spam signature" file.
Am I making any sense and did I bring you any closer to an answer? I'm not sure that I have.
Nura, that should be the remote host address. You might want to visit
http://php.net/manual/en/reserved.variables.server.php for a more complete list.
http://php.net/manual/en/reserved.variables.server.php for a more complete list.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes its help but I still have a problem
"I would still keep my e-mail, including the original spam e-mails, in the same table. When you examine spam, you can mark it as not-spam or (perhaps) delete it forever. Before you deleted it, you'd want to make sure one copy of the content (body of the e-mail) is in the "spam signature" file."
the problem is that : the same table that are storing the emails and spam emails (lets say with a spam field that is 0 or 1) is for all the domain together so is it make sense if we mark one email that one domain recievd as spam I will mark it in all location as spam and if we want to unflugg it as spam the same way around?
and the other problem is I wanted to flag an email as spam also there was already an email sent from the same adress but that is causing me problem because if ill unflag it spam it will keep mark it as spam next time ill get this email.
I think im just confusing myself..
"I would still keep my e-mail, including the original spam e-mails, in the same table. When you examine spam, you can mark it as not-spam or (perhaps) delete it forever. Before you deleted it, you'd want to make sure one copy of the content (body of the e-mail) is in the "spam signature" file."
the problem is that : the same table that are storing the emails and spam emails (lets say with a spam field that is 0 or 1) is for all the domain together so is it make sense if we mark one email that one domain recievd as spam I will mark it in all location as spam and if we want to unflugg it as spam the same way around?
and the other problem is I wanted to flag an email as spam also there was already an email sent from the same adress but that is causing me problem because if ill unflag it spam it will keep mark it as spam next time ill get this email.
I think im just confusing myself..
ASKER
jet-black:: I dont get it I already have a table full with emails adrress that wasnt filter and I need to add on to it
ASKER
Ok so Ill think I will create a blacklist and for now only move there emails that was marked as spam manully and than check every new email to see if it in the black list to mark as spam.
if anyone have an idea in with this logic on how to add an option to perform other check such as bad keyord and how to add it I will be happy to here it I guess my brain doesn't work so good today..
Thank you.
if anyone have an idea in with this logic on how to add an option to perform other check such as bad keyord and how to add it I will be happy to here it I guess my brain doesn't work so good today..
Thank you.
I think my advice will rest on what skills you have. Can you write in PHP or ASP?
This seems like a simple issue to me in PHP. I would use a form to collect search information. One feature of the form would be to ask for the next unchecked message marked as spam. (Then I could walk through them interactively).
The "magic" I would do is if you selected an e-mail as non spam, you could also tell the script to find the "spam signature" in the spam signature table and have it removed too.
That's generally how I propose solving the problem.
This seems like a simple issue to me in PHP. I would use a form to collect search information. One feature of the form would be to ask for the next unchecked message marked as spam. (Then I could walk through them interactively).
The "magic" I would do is if you selected an e-mail as non spam, you could also tell the script to find the "spam signature" in the spam signature table and have it removed too.
That's generally how I propose solving the problem.
$_SERVER['REMOTE_ADDR'] will (usually) contain the IP address of the client computer. It is external data, but it is somewhat difficult to spoof.
Almost any CAPTCHA test, no matter how simple, is sufficient to keep the 'bots away. Here is how I do it. HTH, ~Ray
Almost any CAPTCHA test, no matter how simple, is sufficient to keep the 'bots away. Here is how I do it. HTH, ~Ray
<?php // RAY_captcha_image.php
error_reporting(E_ALL ^ E_NOTICE);
// GENERATES A PICTURE OF A NUMBER INTO THE BROWSER OUTPUT
// DECODE THE INCOMING STRING
$data = base64_decode($_GET['dt']);
// CREATE AN IMAGE RESOURCE - CHOOSE THE SIZE THAT BEST MATCHES YOUR PAGE STYLE
$im = imagecreate(46,13);
// WHITE BACKGROUND
$bg = imagecolorallocate($im, 255,255,255);
// GRAY STRIPES
$gray = imagecolorallocate($im, 188,188,188);
// FIREBRICK TEXT
$text = imagecolorallocate($im, 178,34,34);
// ADD THE NUMBER TO THE IMAGE
imagestring($im,5,4,0,$data,$text);
// WRITE A GRAY STRIPE (OR MORE IF YOU CHOOSE)
imageline($im,4,12,38,0,$gray);
// SEND THE IMAGE INTO THE BROWSER OUTPUT STREAM
header('Content-type: image/png');
imagepng($im);
imagedestroy($im);<?php // RAY_captcha_in_action.php
error_reporting(E_ALL);
// IF ANYTHING WAS POSTED
if (!empty($_POST))
{
// TEST THE STRINGS
if ($_POST["_newMd5"] != md5($_POST["_newCode"]))
{
// MIGHT WANT TO MAKE THIS USER-FRIENDLY
echo 'SECURITY CODE NUMBER DID NOT MATCH';
}
else
{
echo "SUCCESS!";
}
}
// END OF PHP - PUT UP THE FORM
?>
<form method="post">
<!-- STYLE THIS TO SUIT YOUR PAGE STYLE -->
Type <img style="display:inline;" src="RAY_captcha_image.php?dt=<?php $x = mt_rand(1000,10000); echo base64_encode($x); ?>" /> here:
<input name="_newCode" type="text" maxlength="64" size="6" autocomplete="off" />
<input name="_newMd5" type="hidden" value="<?php echo md5($x); ?>" />
<input type="submit" />
</form>ASKER
Hi Ray the thing is as I mentioned the problem id with real user and not bots.
hmccurdy:: its php that im using i didnt reakky understend
" I would use a form to collect search information. One feature of the form would be to ask for the next unchecked message marked as spam. (Then I could walk through them interactively)."
what is that mean? what search information are you referring to?
Thank you.
hmccurdy:: its php that im using i didnt reakky understend
" I would use a form to collect search information. One feature of the form would be to ask for the next unchecked message marked as spam. (Then I could walk through them interactively)."
what is that mean? what search information are you referring to?
Thank you.
It appears from that last post that you don't know PHP. Did you want to learn PHP at some point?
If you do, do you already know any programming languages? (I'll give you advice about this if you want it. Otherwise time for me to shut up and let Ray do the heavy lifting.)
If you do, do you already know any programming languages? (I'll give you advice about this if you want it. Otherwise time for me to shut up and let Ray do the heavy lifting.)
ASKER
? Im a beginner in php, I did write other things in php before..
I just dont understand what you meant logically its not about php..
I just dont understand what you meant logically its not about php..
Did I or someone else say "logically its not about php..?"
My form comment is that I would use an XHTML form to collect search data. Then I'd process it with PHP which would then do the SQL (right?) inquiry. Then you'd get a new, populated form where you could decide if the contents are spam or not. Check or uncheck a box and submit it. Another or the same PHP program (depending on your style) would process it and then put you back at the form to collect search data again.
Search data could include a message ID, a sender's e-mail, senders IP address or if the record is marked as spam or not. (The idea is that you could walk through all your spam to see if it is. Or you could walk through all messages from a specific address (or domain) or IP address to review them too).
I fear I'm not making enough sense.
My form comment is that I would use an XHTML form to collect search data. Then I'd process it with PHP which would then do the SQL (right?) inquiry. Then you'd get a new, populated form where you could decide if the contents are spam or not. Check or uncheck a box and submit it. Another or the same PHP program (depending on your style) would process it and then put you back at the form to collect search data again.
Search data could include a message ID, a sender's e-mail, senders IP address or if the record is marked as spam or not. (The idea is that you could walk through all your spam to see if it is. Or you could walk through all messages from a specific address (or domain) or IP address to review them too).
I fear I'm not making enough sense.
ASKER
you are making sense but I was needed help in decide which email is spam I already have the forms that collect the data and im saving them in contactReques table as I mentioned in the question.
I was needed help on decide how to create the spam filter and as I wrote::
"Ok so Ill think I will create a blacklist and for now only move there emails that was marked as spam manully and than check every new email to see if it in the black list to mark as spam.
if anyone have an idea in with this logic on how to add an option to perform other check such as bad keywords i can find .
Thank you for the help if you cn just tell me how to
get the specific address (or domain) or IP address in php that wou;d be great!
th
I was needed help on decide how to create the spam filter and as I wrote::
"Ok so Ill think I will create a blacklist and for now only move there emails that was marked as spam manully and than check every new email to see if it in the black list to mark as spam.
if anyone have an idea in with this logic on how to add an option to perform other check such as bad keywords i can find .
Thank you for the help if you cn just tell me how to
get the specific address (or domain) or IP address in php that wou;d be great!
th
The IP addresses are in the email headers. You would use various PHP string manipulation functions to tease the headers apart and extract the addresses.
I do not understand the part of the question about the domain name. Do you mean (for example) that if my email address is something @ Gmail.com you want to find the Gmail part?
Here is what an email header looks like.
I do not understand the part of the question about the domain name. Do you mean (for example) that if my email address is something @ Gmail.com you want to find the Gmail part?
Here is what an email header looks like.
Delivered-To: ray.paseur@gmail.com
Received: by 10.216.186.65 with SMTP id v43cs25978wem;
Mon, 19 Sep 2011 10:06:49 -0700 (PDT)
Received: by 10.68.10.65 with SMTP id g1mr4450788pbb.421.1316452008320;
Mon, 19 Sep 2011 10:06:48 -0700 (PDT)
Return-Path: <noreply@experts-exchange.com>
Received: from www4.experts-exchange.com (www4.experts-exchange.com. [64.156.132.144])
by mx.google.com with ESMTPS id t3si12747148pbf.128.2011.09.19.10.06.47
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 19 Sep 2011 10:06:48 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@experts-exchange.com designates 64.156.132.144 as permitted sender) client-ip=64.156.132.144;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of noreply@experts-exchange.com designates 64.156.132.144 as permitted sender) smtp.mail=noreply@experts-exchange.com
Received: from www4.experts-exchange.com (localhost [127.0.0.1])
by www4.experts-exchange.com (8.14.4/8.14.4) with ESMTP id p8JH6lwT043147
for <Ray.Paseur@Gmail.com>; Mon, 19 Sep 2011 10:06:47 -0700 (PDT)
(envelope-from noreply@experts-exchange.com)
Date: Mon, 19 Sep 2011 10:06:47 -0700 (PDT)
From: Experts Exchange <noreply@experts-exchange.com>
To: Ray.Paseur@Gmail.com
Message-ID: <296258798.11767.1316452007187.JavaMail.ee@www4.experts-exchange.com>
Subject: Author Comment Added: spam from a contact form
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Mailer: Experts ExchangeASKER
Thank you Ray ignore the other part about the address.
ASKER
Oh but I get the email adress in a contact form... hoe can I get the ip address than?
How can you get what IP address? The IP address of the client machine is usually in $_SERVER["REMOTE_ADDR"] but this may not be the same address that sends the email. Email is pretty complicated - multiple hops between relay mailers, etc. It follows many of the same paths as the HTTP protocols, but the hops in the WWW are essentially invisible to you.
ASKER
There is a website, the user of the website is filling a contact form and the form is handle in a php script (lets call it contactForm.php) so if im in contactForm script i can use $_SERVER["REMOTE_ADDR"] to get the ip adress for the person who filled the contact form??
Yes, that will usually be set correctly. It may not be useful information, though. For one thing, all the clients at many companies use a corporate intranet that connects to the "real world" through a single IP address, or a small handful of IP addresses. And there are the dial-up clients who may get a different IP address every time they connect. And there are the IP addresses of places like Starbucks and Panera Bread. Networks in hotels, airports, etc. It could be a point of confusion. Why would you care what my IP address might be?
ASKER
" Why would you care what my IP address might be?" what do you mean?
im just following the advise from a previous note:
You might also want to grab the IP address of the sender. If the same IP address keeps filling out your form with spam, perhaps it's time to put all spam from that IP into the spam folder.
im just following the advise from a previous note:
You might also want to grab the IP address of the sender. If the same IP address keeps filling out your form with spam, perhaps it's time to put all spam from that IP into the spam folder.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your plan generally looks good.
You might also want to grab the IP address of the sender. If the same IP address keeps filling out your form with spam, perhaps it's time to put all spam from that IP into the spam folder.