使用 PHPMailer 从我的表单接收垃圾邮件

Receiving Spam from my Form Using PHPMailer

我为此来到 Whosebug,因为我搜索的所有内容几乎都在讨论使用 PHPMailer 发送到用户垃圾邮件箱的表单中的电子邮件。但是,我需要有关从表单本身接收垃圾邮件的信息。我在一个流量非常小的小型房地产经纪人网站上使用它。她不时收到垃圾邮件,我不知道如何解决。 PHPMailer 似乎是使用 PHP 发送电子邮件的首选工具,所以我认为 spam/security 已经很好地涵盖了。我一定是做错了什么....我当然在使用 class.phpmailer.php,这是我的代码:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $name = trim($_POST["name"]);
  $email = trim($_POST["email"]);
  $phone = trim($_POST["phone"]);
  $message = trim($_POST["message"]);


if ($name == "" OR $email == "" OR $phone == "" OR $message == "") {
    echo "You must specify a value for name, email address, phone, and message.";
    exit;
}

foreach( $_POST as $value ){
    if( stripos($value,'Content-Type:') !== FALSE ){
        echo "There was a problem with the information you entered.";    
        exit;
    }
}

if ($_POST["address"] != "") {
    echo "Your form submission has an error.";
    exit;
}

require_once("phpmailer/class.phpmailer.php");
$mail = new PHPMailer();

if (!$mail->ValidateAddress($email)){
    echo "You must specify a valid email address.";
    exit;
}

$email_body = "";
$email_body = $email_body . "Name: " . $name . "<br>";
$email_body = $email_body . "Email: " . $email . "<br>";
$email_body = $email_body . "Phone: " . $phone . "<br>";
$email_body = $email_body . "Message: " . $message;

$mail->SetFrom($email, $name);
$address = "email@domain.com";
$mail->AddAddress($address, "A Name Here");
$mail->Subject    = "Message from " . $name  . " on website contact form";
$mail->MsgHTML($email_body);

if(!$mail->Send()) {
  echo "There was a problem sending the email: " . $mail->ErrorInfo;
  exit;
}

header("Location: index.php?status=thanks");
exit;
}

HTML很简单:

<form id="form" name="form" method="post" action="contact-process.php">

    <?php if (isset($_GET["status"]) AND $_GET["status"] == "thanks") { ?>
      <p class="form-thanks">Thank you for contacting us. We'll be in touch with you very soon.</p>
    <?php } ?>

    <label>Name
    <span class="small">First and Last</span>
    </label>
    <input type="text" name="name" id="name" />

    <label>E-Mail
    <span class="small">name@email.com</span>
    </label>
    <input type="text" name="email" id="email" />

    <label>Phone Number
    <span class="small">With area code</span>
    </label>
    <input type="text" name="phone" id="phone" />

    <label>Message
    <span class="small">How can we help you?</span>
    </label>
    <textarea cols="40" rows="8" name="message"></textarea>

    <button type="submit">Submit</button>
    <div class="spacer"></div>

</form>

一种避免垃圾邮件的简单技术是使用一种叫做蜜罐的东西,这是一个普通用户看不到的文本字段,但愚蠢的垃圾邮件机器人可能会在该字段中输入内容。

if ($_SERVER["REQUEST_METHOD"] == "POST") {

  // robot detection
  $honeypot = trim($_POST["email"]);     

  if(!empty($honeypot)) {
    echo "BAD ROBOT!"; 
    exit;
  }

  $name = trim($_POST["name"]);
  $email = trim($_POST["real_email"]);
  $phone = trim($_POST["phone"]);
  $message = trim($_POST["message"]);

  // rest stays as is

在您的 HTML 文件中,您需要插入另一个 "hidden" 文本字段,即蜜罐:

<label>E-Mail
<span class="small">name@email.com</span>
</label>
<input type="text" name="email" style="display: none;">
<input type="text" name="email_real" id="email" />

请注意我是如何将实际可见的电子邮件文本字段的名称更改为 "email_real"。最好在真实的电子邮件字段中完全避免使用 "email" 一词,因为许多机器人都很笨。

虽然不可见的蜜罐输入字段应该被称为"email"。为什么?因为大多数机器人都在扫描一些标准输入字段,如 "email"、"address" 等 - 所以给蜜罐一个通用的表单字段名称很重要。

另一个巧妙的技巧是交换一些常见的字段名称,即交换电子邮件和邮政编码字段的名称,因此机器人将填写电子邮件地址的数值和邮政编码的电子邮件地址,这将失败验证。

这不是 100% 保证杀死所有垃圾邮件,但它对我来说效果很好,不会强迫用户解决烦人的验证码...