Security of Mail Script
by Cody Pendant (Prior)
on Feb 08, 2004 at 22:52 UTC (#327513=perlquestion)
Cody Pendant has asked for the wisdom of the Perl Monks concerning the following question:
Due to enormous amounts of spam on our public email addresses, i.e. email@example.com, we're going to ask the public to communicate with us only by form.
Rather than use any kind of Matt-Wright-like solution, we're thinking we'll have a form where the recipient of the form is not visible in the source code, but only a lookup code for it.
So the form, rather than saying
will just have something like
and the actual email address will be looked up based on that key.
Is there any remaining security/spam issue, assuming that we also check that the form was submitted from one of our servers?
Obviously if someone goes to the trouble of spoofing our IP or domain, they can still spam me by imitating the action of the form, but apart from that, am I missing something?
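The key-to-address lookup described in the post, sketched as an added example that is not part of the original post or the poster's script. The table contents, sample submissions and function names are assumptions, and the single-line check on visitor-supplied header values goes beyond what the post describes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed lookup table: the form carries only the key, never the address.
# Keys and addresses are placeholders for illustration.
my %RECIPIENT_FOR = (
    sales   => 'sales-inbox@example.com',
    support => 'support-inbox@example.com',
);

# Return the address for a submitted key, or undef if the key is unknown.
# Only an exact match on a known key resolves; nothing taken from the
# request is ever used as an address.
sub resolve_recipient {
    my ($key) = @_;
    return unless defined $key && $key =~ /\A[a-z0-9_]{1,32}\z/;
    return $RECIPIENT_FOR{$key};
}

# Visitor-supplied values that end up in mail headers (subject, reply
# address) must be a single line, otherwise they can add header lines.
sub clean_header_value {
    my ($value) = @_;
    return unless defined $value && length($value) <= 200;
    return if $value =~ /[\r\n\0]/;
    return $value;
}

# Constructed sample submissions: [ recipient key, subject ]
my @samples = (
    [ 'sales',                'Price list request' ],
    [ 'someone@else.invalid', 'Hello' ],                           # address instead of key
    [ 'support',              "Line one\r\nX-Extra: constructed" ], # multi-line subject
);

for my $sample (@samples) {
    my ($key, $subject) = @$sample;
    my $to   = resolve_recipient($key);
    my $subj = clean_header_value($subject);
    if (defined $to && defined $subj) {
        print "accept: key=$key -> $to\n";
    }
    else {
        print "reject: key=$key\n";
    }
}
```

Only the first sample is accepted: the second is not a known key, and the third has a known key but a subject that spans more than one line.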