Several of my current projects use formmail, so of course, not long after launch, we started getting inundated with spam. Formmail version 8.15's ATTACK_DETECTION_JUNK does a great job eliminating the kind made up of nonsense strings, however, now we're getting spam with intelligible name, address, etc. fields, which it doesn't block. My clients are adamantly against using a captcha, but since the spam we're getting is usually ads for male enhancement drugs or pornography, the keywords are often repeated. i was thinking a 'blacklist' of keywords like 'viagra' and 'xxx' might be the way to go. Does anybody know if this is possible in formmail, and/or has anybody done it?

Thank you.

Hi,

This type of detection has been suggested several times in the past.

We're reluctant to implement it because it requires on-going maintenance by the website owner, which is usually awkward.

Having said that, we are still considering the feature. For example, perhaps we'll maintain a central list of words to block and then everyone can use that list and send in suggestions for additions to it.

We prefer attack detection features that require no on-going maintenance by the website owner.

The spam you're getting is likely to have URLs in it. So, why not use these features:
http://www.tectite.com/fmdoc/attack_detection_many_urls.php
http://www.tectite.com/fmdoc/attack_detection_many_url_fields.php

If that's not suitable, the alternative to Captcha is Reverse Captcha. This tries to trick the spam bots into revealing that they are bots.

Here's the documentation:
http://www.tectite.com/fmdoc/attack_detection_reverse_captcha.php

If you don't know how to make fields invisible using CSS, or other techniques (e.g. colouring), post back and I'll give you a suggestion.

You can test it with visible fields first to - pretend to be a spam bot and then pretend to be human :p:).