[nycphp-talk] PHP script needs some filter help

Gary Mort bz-gmort at
Mon Sep 17 10:07:38 EDT 2007

Christina Karlhoff wrote:
> Hi Gary,
> Thanks, I appreciate your insight. 
> At the moment, I'm afraid that I am not privvy to the correct
> implementation of php code to track a user's submission... 

I make it up as I go along. :-)

You have a PHP form that sends an email.
So, at the very least, find where the mail is sent to the internal 
user(don't do this for the copy sent to the submitter, assuming you are 
sending a copy to the submitter which, if your getting spam, is a very 
very bad thing to do)
Assume that your message is stored in a text variable called $message.

$message .= " The submitters ip address was ";
$message .= $_SERVER[’REMOTE_ADDR’];
$message .= " and the secret code is YoLarry";

The point of this little bit of text is twofold:
1) It will tell you the ip address of the system that is submitting spam 
through your form.
2) The secret code is just a stupid little phrase to add so that the 
email came through your own form generator. As you may have someone who 
is spoofing the address the form generator uses but sending spam 
externally(ie your form may be fine and it may be something outside of 
PHP causing the problems).
Note: A better solution is to add those 2 items to the header, not the 
email body. Plus adding some extra tracking info, a cookie, the browser 
type, capabilities, etc. Basically, track your submissions and find out 
what, if any, is unique about the spam submissions that can be used to 
filter it.

What I would really do at that point is manually create the message id 
and store that in a database somewhere and do some reconcillation 
between the spam email and the emails generated by the form to ensure 
their the same.

Basically, the main point I'm making is that right now your getting 
spam. You think it comes from this form. Make SURE it comes from the 
form itself before you go spending time trying to figure out how to stop 
the form from sending spam. Also note that if you are getting spam, you 
may not be the target of the spam. If you allow someone to CC themselves 
on an email, what you may have is a spammer who is trying to send spam 
to other people(by claiming to be them and asking to be cc'd on the email).

This is a quick and dirty troubleshooting step, not a long term 
solution. A long term solution would be to build a more comprehensive 
tracking system for the emails, make sure it is as secure as possible, 
and take things step by step. (if you absolutely HAVE to allow everyone 
to send email to you through this form, you could send submitted emails 
through a spam filter and quarantine the spam on the server and just 
send the users a report every few hours "X new emails in Quarantine".)

More information about the talk mailing list