Fighting spam, my way

I hate spam (a.k.a. unsolicited commercial email).  I can’t stand it when vulgar messages get through our filters and end up in staff mailboxes.  A lot of that stuff has horrible text and images about various body parts and activities.  So, my aim is to make our Web site as safe as possible to prevent spam bots from grabbing up all of our addresses and sending us a bunch of junk.

In the past, I developed a simple form.  Our standard for e-mail addresses is firstname.lastname@fbcbelton.org.  So, my script address would be http://www.fbcbelton.org/cgi-bin/send.pl?to=firstname.lastname.  It then added the domain on the server side, out of the view of spammers.

When I moved to the new server, I made a number of changes here.

  • I changed it to a PHP script rather than a Perl script.  There was only one reason for this - it’s easier to use the PHP library for Mailhide than the Perl library.
  • I was showing the e-mail address in graphic form on the page, in addition to the contact form.  So, matthew.irvine@domain.org was broken into 16 images (i.e. m.jpg, a.jpg, t.jpg, t.jpg … etc)  People were just confused by that since they couldn’t click on the address.  Plus, I bet spammers will figure out how to read those (if they haven’t already).  Well, I took that off.  Now, the “To” area shows the staff person’s first and last name.
  • It was very difficult to teach staff to use their e-mail URL since it was cumbersome (http://www.fbcbelton.org/cgi-bin/send.pl?to=firstname.lastname).  So, I added a mod_rewrite rule to change the structure to the much friendlier http://www.fbcbelton.org/send/firstname.lastname.  Here’s how:
    RewriteRule ^send/([^/\.]+).([^/\.]+)/?$ /cgi-bin/send.php?to=$1.$2 [L]
  • Finally, I added the Mailhide API to the page so that people who need to send attachments or just want to use their regular e-mail client can do so.  Now users can click on “Show actual e-mail address,” enter a captcha, and be shown an actual mailto with the honest-to-goodness address.  By the way, I really like Mailhide - I think you might also.

We’ll see how it all works out.  I bet it’ll do well.  I have several things still left to do.

  1. Instead of creating a separate directory of e-mail addresses to pull from, I will change the script to pull the actual address from Wordpress based on their Wordpress username.
  2. Currently, you can enter any name into the URL and it will generate a page, so http://www.fbcbelton.org/send/poopy.face will indeed generate a page.  It will error out if you send a message, but the page will be generated.  I’ll fix that later.
  3. Lastly, I might make it a little more difficult for the address to be guessed from the URL.  I know I’m overly paranoid, but I’m worried that eventually spammers will be able to figure out that http://www.fbcbelton.org/send/firstname.lastname belongs to firstname.lastname@fbcbelton.org, since all of that is in the URL.  By the way, that same line of paranoia is also why I used “send” in the URL instead of “contact.”

P.S. - I’m at sea right now.  This post was previously written.

Related posts

This entry was posted on Wednesday, June 25th, 2008 at 11:30 am and is filed under Communication. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Fighting spam, my way”

  1. ShelbyLife Says:
    June 26th, 2008 at 8:04 am

    Mailhide is awesome! definitely implementing it on my site. thanks matt.

Leave a Reply