Question

I'm pretty new to PHP (I'm more partial to Ruby), but the website at my company has an email form that customers can fill out to order samples. I'm getting spam from it mostly from @yahoo domains. Is there a snippet of code that I can insert in my formmailer.php file that can prevent people from Yahoo from submitting something into the form?

Thanks for any suggestions in advance!!

Update:

<form action="formmailer.php" method="post" id="contact" style="margin-bottom: 0;" onsubmit="return math_check()"> 

and for the script in use

<script type="text/javascript">
function math_check(){
var nr = document.getElementById("math_check").value;
 if (nr != 7) {return false;}
 else {return true;}
}
</script>

I do have to go and do some research on this so I have a better plan in the future. Thanks for all your help.


Solution 2

Add one of these options to your files instead of blocking a whole domain:

PHP solution:
(Assuming you use a form with method POST)

on your form file:

3 + 4 = <input type="text" id="math_check" value="?" name="math_check" />

on your mail/php file:

// Stop processing unless the visitor answered 3 + 4 correctly.
$math_check = $_POST["math_check"] ?? "";
if ($math_check != 7) { die(); }

You can also do this with JavaScript, which may be easier in case a human being misses that math test :)

Javascript solution:
(Demo here)

on your html:

<form action="formmailer.php" method="post" id="contact" style="margin-bottom: 0;" onsubmit="return false;">
    <input type="text" id="math_check" />
    <button type="submit">Submit</button>
</form>

and the javascript that will submit only if number is 7:

window.onload = function () {
var form = document.getElementById("contact");
function math_check() {
    var nr = document.getElementById("math_check").value;
    if (nr != 7) {
        return false;
    } else {
        form.submit();
    }
}
form.addEventListener("submit", math_check, false);

};

OTHER TIPS

Searching for the domain inside the email address:

if (preg_match("/@yahoo/i", $email)) {
  // Yahoo domain detected (matched case-insensitively).
}

Well, I'm sure you could just check the input string for the email address form and check to see if the word 'yahoo' exists, like Jaris answer, but that's mad because any genuine users with Yahoo! Emails will get blocked. You should probably implement some sort of CAPTCHA such as reCAPTCHA to stop Spambots from filling in your form.

If you don't like CAPTCHAs you can try other ways of detecting if it is a real person submitting the form, such as a simple maths question (although these can be broken quite easily, but if it's a low traffic site it will at least stop simple Spam bots). You can also use Honeypot fields or you can restrict the number of times the form can be submitted. Check this page out for other alternatives to the CAPTCHA.

I'm not saying this will be foolproof but it's better than blocking any poor soul who happens to use a Yahoo email address.
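
The honeypot, maths-question and submission-limit ideas from the answers above, combined into one server-side check for formmailer.php, because a script that posts straight to formmailer.php never runs the form's JavaScript. This is an added example, not code from any of the posters. The honeypot field name "website" (a text input hidden with CSS), the limits and the file-based counter are assumptions, and it needs PHP 7.4 or later.

```php
<?php
// Added example. The "website" honeypot field and the limits are assumptions.
const MAX_PER_WINDOW = 3;    // accepted submissions per client per window
const WINDOW_SECONDS = 600;

// Returns null when the submission may be mailed, otherwise the reason it was refused.
function check_submission(array $post, string $clientIp, string $stateDir, int $now): ?string
{
    // 1. Honeypot: people never see the field, so any value means an automated fill.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot';
    }
    // 2. Maths question, compared strictly so arrays or "7abc" do not pass.
    $answer = $post['math_check'] ?? '';
    if (!is_string($answer) || trim($answer) !== '7') {
        return 'math_check';
    }
    // 3. Rate limit: timestamps of recent accepted submissions, one file per client.
    $file = $stateDir . '/form_' . hash('sha256', $clientIp) . '.json';
    $fh = fopen($file, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return 'rate_limit_unavailable';    // fail closed if state cannot be locked
    }
    $seen = json_decode(stream_get_contents($fh) ?: '[]', true);
    $seen = array_values(array_filter(
        is_array($seen) ? $seen : [],
        fn($t) => is_int($t) && $t > $now - WINDOW_SECONDS
    ));
    $allowed = count($seen) < MAX_PER_WINDOW;
    if ($allowed) {
        $seen[] = $now;
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($seen));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed ? null : 'rate_limit';
}

// Constructed sample input, run from the command line only.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir();
    $bot = ['website' => 'http://spam.example', 'math_check' => '7'];
    $human = ['website' => '', 'math_check' => ' 7 '];
    var_dump(check_submission($bot, '203.0.113.5', $dir, time()));
    var_dump(check_submission($human, '203.0.113.5', $dir, time()));
}
```

In formmailer.php the call would take $_POST, $_SERVER['REMOTE_ADDR'], a writable directory outside the web root and time(), and the mail would be sent only when the result is null.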

Licensed under: CC-BY-SA with attribution