Receiving Spam from my Form Using PHPMailer

I am coming to stackoverflow for this because everything I search pretty much talks about email from a form using PHPMailer going to a user's spam box. But, I need info on receiving spam from the form itself. I use it on a small, very light traffic real estate agent's website. She gets spam from time to time and I don't know how to resolve it. PHPMailer seems to be the go-to tool for sending email with PHP, so I figure spam/security is pretty well covered. I must be doing something wrong... I am using class.phpmailer.php of course, and here is my code:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = trim($_POST["name"]);
    $email = trim($_POST["email"]);
    $phone = trim($_POST["phone"]);
    $message = trim($_POST["message"]);

    // All four visible fields are required.
    if ($name == "" OR $email == "" OR $phone == "" OR $message == "") {
        echo "You must specify a value for name, email address, phone, and message.";
        exit;
    }

    // Reject any value that contains a Content-Type header string.
    foreach ($_POST as $value) {
        if (stripos($value, 'Content-Type:') !== FALSE) {
            echo "There was a problem with the information you entered.";
            exit;
        }
    }

    // Reject the submission if the "address" field is filled in.
    if ($_POST["address"] != "") {
        echo "Your form submission has an error.";
        exit;
    }

    require_once("phpmailer/class.phpmailer.php");
    $mail = new PHPMailer();

    if (!$mail->ValidateAddress($email)) {
        echo "You must specify a valid email address.";
        exit;
    }

    // Build the HTML body from the submitted values.
    $email_body = "";
    $email_body = $email_body . "Name: " . $name . "<br>";
    $email_body = $email_body . "Email: " . $email . "<br>";
    $email_body = $email_body . "Phone: " . $phone . "<br>";
    $email_body = $email_body . "Message: " . $message;

    $mail->SetFrom($email, $name);
    $address = "email@domain.com";
    $mail->AddAddress($address, "A Name Here");
    $mail->Subject = "Message from " . $name . " on website contact form";
    $mail->MsgHTML($email_body);

    if (!$mail->Send()) {
        echo "There was a problem sending the email: " . $mail->ErrorInfo;
        exit;
    }

    header("Location: index.php?status=thanks");
    exit;
}

The HTML is very simple:

<form id="form" name="form" method="post" action="contact-process.php">

    <?php if (isset($_GET["status"]) AND $_GET["status"] == "thanks") { ?>
      <p class="form-thanks">Thank you for contacting us. We'll be in touch with you very soon.</p>
    <?php } ?>

    <label>Name
    <span class="small">First and Last</span>
    </label>
    <input type="text" name="name" id="name" />

    <label>E-Mail
    <span class="small">name@email.com</span>
    </label>
    <input type="text" name="email" id="email" />

    <label>Phone Number
    <span class="small">With area code</span>
    </label>
    <input type="text" name="phone" id="phone" />

    <label>Message
    <span class="small">How can we help you?</span>
    </label>
    <textarea cols="40" rows="8" name="message"></textarea>

    <button type="submit">Submit</button>
    <div class="spacer"></div>

</form>

A simple technique to avoid spam is to use something called a honey-pot, which is a text field which is not visible to normal users but a dumb spam-robot will probably enter something into that field.

if ($_SERVER["REQUEST_METHOD"] == "POST") {

  // robot detection
  $honeypot = trim($_POST["email"]);     

  if(!empty($honeypot)) {
    echo "BAD ROBOT!"; 
    exit;
  }

  $name = trim($_POST["name"]);
  $email = trim($_POST["email_real"]);
  $phone = trim($_POST["phone"]);
  $message = trim($_POST["message"]);

  // rest stays as is

In your HTML file you need to insert another "hidden" text field which is the honeypot:

<label>E-Mail
<span class="small">name@email.com</span>
</label>
<input type="text" name="email" style="display: none;">
<input type="text" name="email_real" id="email" />

Note how I changed the name of the actual, visible email text field to "email_real". It would be even better to avoid the word "email" completely in the real email field, since many robots are dumb.

The invisible honeypot input field should be called "email" though. Why? Because most robots are scanning for some standard input fields like "email", "address" etc. - so it's important to give the honeypot a common form field name.

Another neat trick is to swap some common field names, i.e. swap the name for email and zip fields, so robots will fill in a numeric value for the email address and an email address for the zip code which will fail the validation.

It's not a 100% guarantee to kill all spam but it worked quite well for me without forcing the user to solve an annoying captcha...
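
A fuller version of the honeypot check from the answer above, as an added example that is not part of the original answer: it also drops requests where the honeypot key is missing, a field is not a string, or a single-line field contains a line break. The function name `check_contact_post` and the sample submissions are constructed for illustration, and `filter_var` stands in for PHPMailer's `ValidateAddress` so the block runs without the library.

```php
<?php
// Added example, not from the original post. Field names follow the answer:
// "email" is the hidden honeypot, "email_real" is the visible address field.

/**
 * Returns [true, $cleanFields] for a submission that passes the checks,
 * or [false, $reason] when it should be dropped.
 */
function check_contact_post(array $post): array
{
    // The honeypot must be present and empty. A missing key means the
    // request was not built from the rendered form.
    if (!isset($post['email']) || !is_string($post['email']) || trim($post['email']) !== '') {
        return [false, 'honeypot'];
    }

    $clean = [];
    foreach (['name', 'email_real', 'phone', 'message'] as $field) {
        // Array values (name[]=x) would break the string functions below.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return [false, "missing:$field"];
        }
        $value = trim($post[$field]);
        if ($value === '') {
            return [false, "empty:$field"];
        }
        // Single-line fields end up in mail headers (From, Subject),
        // where a line break is never legitimate.
        if ($field !== 'message' && preg_match('/[\r\n]/', $value)) {
            return [false, "newline:$field"];
        }
        $clean[$field] = $value;
    }

    if (filter_var($clean['email_real'], FILTER_VALIDATE_EMAIL) === false) {
        return [false, 'invalid:email_real'];
    }
    return [true, $clean];
}

// Constructed sample submissions: one from a person, one from a form-filling bot.
$human = ['email' => '', 'email_real' => 'jane@example.com', 'name' => 'Jane Doe',
          'phone' => '555-0100', 'message' => 'Is the house still available?'];
$bot   = ['email' => 'x@spam.example'] + $human; // left operand wins on key clash

var_dump(check_contact_post($human));
var_dump(check_contact_post($bot));
```

Logging the returned reason instead of echoing it keeps the rejection signal on the server, where it can be counted per field.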
