Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Form mail security

Thread Tools

Form mail security

the other john
Posts: n/a

Yes, I am using JMail in this case. This is what I've done so far...

I went with CAPTCHA solution. I have it working correctly. How much
more secure it is I don't know. This is what I'm using.

I also did a mid() on the fields such as IP and subject, etc. to limit
how much would go through. I hadn't thought of doing a replace(). I
have dealt with CHR(10) before however, sorry. What is your method for
using Replace for multiple conditions? I mean doing 2 or 3 replaces on
a single dim or something?

I'm looking into the validation now, thanks!

Alex wrote:
> Hi John!
> I've read this thread, but I can't find what "mailer" you're using.
> With "mailer" I mean "are you using CDOSYS or CDONTS, or JMail maybe?
> Some other flavor? This might be of importance. If you're using JMail,
> the most important thing to do is check your HEADER fields for
> linefeeds/-breaks. So, replace each & every CHR(10)&Chr(13) with
> nothing, or a dash, whatever, just no breaks. Breaks make the
> mailercomponent think another header is comming up. You can use
> breaksline/feeds in the body though. However, it might be good
> practise to replace every linefeed/break everywhere. As far as the
> other options are concerned, I use so-called one-time-pads with my
> forms. This however might be a long short for you. As the IP can't be
> checked as you say, you might considder checking for valid e-mail
> addresses. There are quite solid methods to do that. Check this for
> example:
> There are better options though which check for genuine addresses.
> This involves requests to other servers though.
> Returning to the hidden IP; can't you "just" ignore each request
> comming from a hidden IP? Anyway, this as well is a good read:
> It opened my eyes for sure!
> Anyway, let us know more please!
> Best regards,
> - Alex.
> On 25 Jun 2006 11:30:50 -0700, "the other john" <(E-Mail Removed)>
> wrote:
> >I'm having trouble with spammers getting through my mail script. I've
> >heard of FormMail for php but I need a solution for ASP. Any
> >suggestions? I don't know how to stop these guys from using my forms
> >to spam.
> >
> >Thanks!
> >John

Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to retrieve form field value if form is EncType=multipart/form-dataForm? Li Zhang ASP .Net 4 02-27-2009 01:23 AM
Mail insertion hack on Send Mail form nauticalmac ASP General 0 12-23-2005 12:13 PM
e-mail form to an internal e-mail server?? Tim HTML 12 07-15-2005 04:14 PM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM
How secure is the security from my security form? Aaron Java 1 08-04-2003 06:16 PM