Friday, 4 March 2011

Stopping spam on web page forms

I've finally found a cure for bots. Normally, one uses a captcha image or a simple maths sum or somesuch. That's all very well and good, but even so, some bots get past it. So I've added a new thing. A Sender Address Verification module. Basically, the email address supplied has to be legitimate before the form is accepted. This forces the bot programmers to tell the bot to post spam onto forms using actual email addresses. It also forces stupid people who mistype their email addresses to type them properly, because the form does not accept an email address that does not check out.

I do it simply by passing a call to a function that runs the command-line utility vrfy99 (Linux). If vrfy99 returns "Unknown user", then the form submission is rejected. If it returns null, the form is accepted.

How does SAV work? Simple. It opens an SMTP connection to the MX server of the purported From email address. It asks to send mail To that email address. If the SMTP server returns OK, then the connection is closed, and SAV returns OK. If the server responds "Unknown user", then SAV returns the same.
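
The exchange described above, sketched with Python's smtplib as an added example (not the author's module and not vrfy99). The MX host is assumed to be resolved by the caller; the function names, the three result values and the probe sender `postmaster@form.example` are hypothetical, and any reply that is not a clear accept or permanent reject is left undecided rather than rejected.

```python
import smtplib

ACCEPT, REJECT, UNSURE = "accept", "reject", "unsure"


def classify_rcpt(code):
    """Map the SMTP reply code for the recipient command to a form decision."""
    if code in (250, 251):
        return ACCEPT   # server says it will take mail for this address
    if code in (550, 551, 553):
        return REJECT   # permanent failure, e.g. "Unknown user"
    return UNSURE       # 4xx greylisting, policy blocks, anything unexpected


def probe(smtp, address, probe_from):
    """Run HELO / MAIL FROM / RCPT TO on a connected session; no message is sent."""
    # The address comes from a web form and ends up inside an SMTP command,
    # so refuse whitespace and control characters (CR/LF would inject commands).
    if "@" not in address or any(c.isspace() or ord(c) < 32 for c in address):
        return REJECT
    code, _ = smtp.helo()
    if code != 250:
        return UNSURE
    code, _ = smtp.mail(probe_from)
    if code != 250:
        return UNSURE
    code, _ = smtp.rcpt(address)
    smtp.rset()         # abandon the transaction before any DATA
    return classify_rcpt(code)


def verify_recipient(mx_host, address, probe_from="postmaster@form.example",
                     port=25, timeout=10):
    """Connect to the (already resolved) MX host and probe one address."""
    try:
        with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
            return probe(smtp, address, probe_from)
    except (smtplib.SMTPException, OSError):
        return UNSURE   # unreachable or misbehaving server: do not block the form
```

A server configured as a catch-all answers OK for every address, so `accept` only means the server did not refuse the recipient.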

