使用PHPMailer从我的表单接收垃圾邮件 [英] Receiving Spam from my Form Using PHPMailer

问题描述

我之所以要使用stackoverflow，是因为我搜索的所有内容几乎都涉及使用PHPMailer传递到用户垃圾邮件箱的表单中的电子邮件.但是，我需要有关从表单本身接收垃圾邮件的信息.我在交通流量很小的小型房地产代理商网站上使用它.她不时收到垃圾邮件，我不知道该如何解决. PHPMailer似乎是使用PHP发送电子邮件的首选工具，因此我认为垃圾邮件/安全性已被很好地涵盖了.我一定做错了....当然，我在使用class.phpmailer.php，这是我的代码:

I am coming to stackoverflow for this because everything I search pretty much talks about email from a form using PHPMailer going to a users spam box. But, I need info on receiving spam from the form itself. I use it on a small, very light traffic real estate agents website. She gets spam from time to time and I don't know how to resolve it. PHPMailer seems to be the go to tool for sending email with PHP, so I figure spam/security is pretty well covered. I must be doing something wrong.... I am using class.phpmailer.php of course, and here is my code:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = trim($_POST["name"]);
  $email = trim($_POST["email"]);
  $phone = trim($_POST["phone"]);
  $message = trim($_POST["message"]);


if ($name == "" OR $email == "" OR $phone == "" OR $message == "") {
    echo "You must specify a value for name, email address, phone, and message.";
    exit;
}

foreach( $_POST as $value ){
    if( stripos($value,'Content-Type:') !== FALSE ){
        echo "There was a problem with the information you entered.";    
        exit;
    }
}

if ($_POST["address"] != "") {
    echo "Your form submission has an error.";
    exit;
}

require_once("phpmailer/class.phpmailer.php");
$mail = new PHPMailer();

if (!$mail->ValidateAddress($email)){
    echo "You must specify a valid email address.";
    exit;
}

$email_body = "";
$email_body = $email_body . "Name: " . $name . "<br>";
$email_body = $email_body . "Email: " . $email . "<br>";
$email_body = $email_body . "Phone: " . $phone . "<br>";
$email_body = $email_body . "Message: " . $message;

$mail->SetFrom($email, $name);
$address = "email@domain.com";
$mail->AddAddress($address, "A Name Here");
$mail->Subject    = "Message from " . $name  . " on website contact form";
$mail->MsgHTML($email_body);

if(!$mail->Send()) {
  echo "There was a problem sending the email: " . $mail->ErrorInfo;
  exit;
}

header("Location: index.php?status=thanks");
exit;
}

HTML非常简单:

<form id="form" name="form" method="post" action="contact-process.php">

    <?php if (isset($_GET["status"]) AND $_GET["status"] == "thanks") { ?>
      <p class="form-thanks">Thank you for contacting us. We'll be in touch with you very soon.</p>
    <?php } ?>

    <label>Name
    <span class="small">First and Last</span>
    </label>
    <input type="text" name="name" id="name" />

    <label>E-Mail
    <span class="small">name@email.com</span>
    </label>
    <input type="text" name="email" id="email" />

    <label>Phone Number
    <span class="small">With area code</span>
    </label>
    <input type="text" name="phone" id="phone" />

    <label>Message
    <span class="small">How can we help you?</span>
    </label>
    <textarea cols="40" rows="8" name="message"></textarea>

    <button type="submit">Submit</button>
    <div class="spacer"></div>

</form>

推荐答案

一种避免垃圾邮件的简单方法是使用一种称为蜜罐的东西，蜜罐是普通用户不可见的文本字段，但垃圾邮件却是哑巴，机器人可能会在该字段中输入一些内容.

A simple technique to avoid spam is to use something called a honey-pot, which is a text field which is not visible to normal users but a dumb spam-robot will probably enter something into that field.

if ($_SERVER["REQUEST_METHOD"] == "POST") {

  // robot detection
  $honeypot = trim($_POST["email"]);     

  if(!empty($honeypot)) {
    echo "BAD ROBOT!"; 
    exit;
  }

  $name = trim($_POST["name"]);
  $email = trim($_POST["real_email"]);
  $phone = trim($_POST["phone"]);
  $message = trim($_POST["message"]);

  // rest stays as is

在您的HTML文件中，您需要插入另一个蜜罐"(honeypot)文本"字段:

In your HTML file you need to insert another "hidden" text field which is the honeypot:

<label>E-Mail
<span class="small">name@email.com</span>
</label>
<input type="text" name="email" style="display: none;">
<input type="text" name="email_real" id="email" />

请注意如何将实际可见的电子邮件文本字段的名称更改为"email_real".最好在真实的电子邮件字段中完全避免使用电子邮件"一词，因为许多机器人很笨.

Note how I changed the name of the actual, visible email text field to "email_real". It would be even better to avoid the word "email" completely in the real email field, since many robots are dumb.

不可见的蜜罐输入字段应称为电子邮件".为什么?由于大多数机器人都在扫描某些标准输入字段，例如电子邮件"，地址"等-因此，给蜜罐一个通用的表单字段名称很重要.

The invisible honeypot input field should be called "email" though. Why? Because most robots are scanning for some standard input fields like "email", "address" etc. - so it's important to give the honeypot a common form field name.

另一个巧妙的技巧是交换一些常用的字段名称，即交换电子邮件和邮政编码字段的名称，因此机器人将为电子邮件地址填写数字值，并为邮政编码填写电子邮件地址，这将使验证失败.

Another neat trick is to swap some common field names, i.e swap the name for email and zip fields, so robots will fill in a numeric value for the email address and an email address for the zip code which will fail the validation.

这不是100％保证消除所有垃圾邮件，但对我而言效果很好，而不会强迫用户解决烦人的验证码...

It's not a 100% guarantee to kill all spam but it worked quite well for me without forcing the user to solve an annoying captcha...

这篇关于使用PHPMailer从我的表单接收垃圾邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！