Hello:

One of my clients that I recently setup to use formmail.php is getting loads of spam all of a sudden now that forms have been added to the site. What can I do if anything to slow it down or stop it?

hi

use the "AT_MANGLE" feature (formmail.php ~ line 2893)

define("AT_MANGLE","AT");

regarding this feature I highly recommend you to read the following thread:
http://tectite.com/vbforums/showthread.php?t=807
there're very good examples about how to use it best and most effective

erik

also, now that a spammer has the email address, there's nothing you can do other that change the email address and disable (delete) the old one.

AT_MANGLE works, but it's generally too late to close the barn door when the horse has already bolted.

You are right about it just may being to late as I am doing this after the fact and the site being up for about two weeks.

Also one other problem which formmail has no control over and that is there are a few just regular email (mailto) links on the site. Even if I activated the define("AT_MANGLE","AT"); before putting the site up it most likely still would have not matter with the regular email mailto links.

yep, too late

also it's better to avoid regular mailto links, at least i do so
there exist different methods to handle that, for example by using javascript ...
just search google for this topic, there you'll find a lot

You're saying you don't have to use mailto ?

Can you send me example that you are using?

What exact words would I use to search?

Disable or delete is impossible now due to this site belonging to a business and the domain.com cannot be changed of course and all the usernames in front of the @ symbol are already in place. In fact I am not even using the usual names like info, sales, and so forth. Every usernames is specific.


also, now that a spammer has the email address, there's nothing you can do other that change the email address and disable (delete) the old one.

AT_MANGLE works, but it's generally too late to close the barn door when the horse has already bolted.

not exactly "no mailto", but:

for example:
http://www.net-force.nl/tools/anti-spam/

or:
http://www.polycoder.de/was-macht-der-polyCODER/script-php-str2ascii.html
(sorry, site only in german)

or:


<script language="JavaScript"><!--
var name = "protected";
var domain = "domain.com";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// --></script>


or an extremely simply one from Phloo (a member from spotleid)


<a href="mailto:info_at_domain_point_de" onmouseover="this.href=this.href.replace('_at_','@');this.href=this.href.replace('_point_','.');">Mail me!</a>


there exist a lot more possibilities, scripts and also freeware apps


e: maybe too late for getting no spam, but not too late for getting less spam

Yeah, I think you are right, won't eliminate what has been done but could help any new spam bots scanning. Thanks for the great help.

I tried the encoding method, wow, talk about the way it encodes if you use one of the automated procedures.


not exactly "no mailto", but:

for example:
http://www.net-force.nl/tools/anti-spam/

or:
http://www.polycoder.de/was-macht-der-polyCODER/script-php-str2ascii.html
(sorry, site only in german)

or:


or an extremely simply one from Phloo (a member from spotleid)


there exist a lot more possibilities, scripts and also freeware apps


e: maybe too late for getting no spam, but not too late for getting less spam

till yet i haven't really used one of the automated methods
but the first one (net-force.nl) looks rather "heavy" ;)

» Description
Spambots search / crawl the web for e-mail addresses to send you crap. For webmasters there are different ways to show an e-mail address on a web page, while hiding the address for spambots. For example, you can display a picture with the address on it, instead of the html link.

The script below uses two different ways to hide an e-mail address from spambots. First of all, it encodes the text to HTML entities. The browser displays these entities without a problem, but many spambots are fooled by this. The 'Less simple' and 'Heavy' way also use Javascript to hide the '<a href="mailto:">' tag and split up the e-mail address, so a spambot won't even detect it is a link.

Summary of methods:

Simple
HTML Entities
Less simple
HTML Entities, Javascript
Heavy
HTML Entities, Javascript, Split up
(quoted from http://www.net-force.nl/tools/anti-spam/)


regarding the second link (polycoder.de) there's to read that this encoding method is not exactly safe anymore, because in the meantime some searchengine-robots can readout such encrypted passages.
therefore I prefer a method using javascript or both, for paranoid ones ie the "heavy" method from net-force.nl

I decided to use the net-force and the Heavy selection and it's working fine but I need to add a css class for the link to show in a certain color and not the default blue. So I added name@domain.com (name@domain.com) class="emailLink" to the email address box but when I added to code to my html page, the color was still blue and the class=emailLink was at the end of the address when I clicked on it. Where exactly do I need to place the class code if that is even possible?


not exactly "no mailto", but:

for example:
http://www.net-force.nl/tools/anti-spam/

or:
http://www.polycoder.de/was-macht-der-polyCODER/script-php-str2ascii.html
(sorry, site only in german)

or:


or an extremely simply one from Phloo (a member from spotleid)


there exist a lot more possibilities, scripts and also freeware apps


e: maybe too late for getting no spam, but not too late for getting less spam