PHP Prevent E-mail Form Spamming

Are spammers trying to abuse your contact form to send spam mails through e-mail injection? Check out the code below to secure your e-mail form.

The Problem – E-mail injection:
Spammers use bots to “inject” extra header information into your form fields so that your web server works as a spam server. One solution is to scan the submitted values of your form fields for malicious content before sending the e-mail.

// formcheck, filters out spamming attempts

$errormsg = '';
$emailstr = '';

// collect all submitted form fields into one string
$emailstr .= $formfield1;
$emailstr .= $formfield2;
$emailstr .= $formfield3;

// the last two checks are in case of hex or non-standard chars
// (preg_match replaces eregi, which was removed in PHP 7)
if ( stristr($emailstr, 'content-type:' ) || stristr($emailstr, 'multipart/mixed' )
|| stristr($emailstr, 'boundary="' ) || stristr($emailstr, 'cc:' )
|| stristr($emailstr, 'multi-part message in mime format' )
|| stristr($emailstr, 'to:' ) || preg_match( '/%[a-f0-9]/i', $emailstr)
|| stristr($emailstr, '0x' ))
{
    $errormsg .= "Ups - bad boy";
}

// an error message was set, so the submission looks like an injection attempt
if (strlen($errormsg) > 1)
    { /* ... do not send ... */ }
else
    { /* ... your normal e-mail handling ... */ }
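
The check above looks for known header names. What actually lets a form value add a header is a line break in a field that ends up in the mail headers. The following added example (not the original author's code) tests for that directly and validates the address; it assumes PHP 7.2 or later for the array form of the mail() headers, and the field names and addresses are hypothetical.

```php
<?php
// Added example, not the original author's code. Field names and addresses
// are hypothetical; the sample submissions at the bottom are constructed.

// Returns a list of problems for the values that end up in mail headers.
function header_field_problems(array $form): array
{
    $problems = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = (string) ($form[$field] ?? '');
        // A raw CR/LF (or a still URL-encoded one) would let the value
        // start a new header line such as an extra recipient.
        if (preg_match('/[\r\n]|%0[ad]/i', $value)) {
            $problems[] = "$field: line break not allowed";
        }
    }
    if (filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $problems[] = 'email: not a valid address';
    }
    return $problems;
}

// Sends only when every header-bound value is clean. The recipient and the
// From address are fixed; the visitor's address is used for Reply-To only.
function send_contact_mail(array $form): array
{
    $problems = header_field_problems($form);
    if ($problems === []) {
        $headers = ['From' => 'webform@example.com', 'Reply-To' => $form['email']];
        mail('owner@example.com', $form['subject'], (string) ($form['message'] ?? ''), $headers);
    }
    return $problems;
}

// Constructed sample submissions: one normal, one with an injected header line.
$samples = [
    ['name' => 'Alice', 'email' => 'alice@example.com', 'subject' => 'Question'],
    ['name' => 'Bob', 'email' => 'bob@example.com', 'subject' => "Hi\r\nBcc: list@example.net"],
];
foreach ($samples as $form) {
    $problems = header_field_problems($form);
    echo $form['name'], ': ', $problems ? implode('; ', $problems) : 'ok', "\n";
}
```

The message body is not checked for line breaks because it never becomes part of a header; only the name, address and subject are.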
