check email address is real

[Andre]

I get a lot of spam from my website feedback form.
Is there a way one can validate the email address that a user insert in the
form, and keeps nagging, until the email address verify correctly ?
Using frontpage 2003
Thanks

 

[Tom Willett]

No.
--
===
Tom Willett
Microsoft MVP - FrontPage
---
FrontPage Support:
http://www.frontpagemvps.com/
===
|I get a lot of spam from my website feedback form.
| Is there a way one can validate the email address that a user insert in
the
| form, and keeps nagging, until the email address verify correctly ?
| Using frontpage 2003
| Thanks

 

[Ronx]

Best you can do if using FPextensions to process the form is add a
question (and text box for the answer) that only a human can answer.
Example:
What colour is a black cat?
Then use JavaScript to check the answer is black (allowing for
uppercase, lowercase and combinations).
You can use the Form Properties to stop this field being uploaded to the
server or sent in email.
If the spambot is human or does not use JavaScript, there is nothing you
can do, other than switch to server-side scripting to process the forms.

 

[Andre]

Thanks Ronx, I will try the question/answer approach, it should at least
cut down on some of the spam, I think.
your response appreciated.

 

[Murray]

Here's a very cool idea:

1. Add a link to an external js file before you close the form.
2. Have the external js file do a document.write of a hidden field with a
value, e.g.,

document.write("<input type=\"hidden\" name=\"whatever\" value=\"orange\" /"
+ ">");
3. Validate the form for this field and its value on the SERVER side.
4. Reject submissions that do not validate.

The idea is, spambots do NOT execute javascript, and therefore submissions
coming from them will lack that field, and therefore won't validate.

If you are concerned about those who might be surfing with js disabled, then
add a <noscript> tag that ACTUALLY CONTAINS THE FIELD, e.g.,

<noscript>
<input type="hidden" name="whatever" value="orange" />
</noscript>

Bots will miss that one too!

 

[Chris Leeds, MVP - FrontPage]

along those lines but not as intense;
I'd wondered if replacing the "submit" button with an "advanced" button
which has an "onclick" event to submit the form would side-step most of
those spam bot form fillers.

--
Chris Leeds
Contact: http://chrisleeds.com/contact
Have you seen ContentSeed (www.contentseed.com)?
NOTE:
This message was posted from an unmonitored email account.
This is an unfortunate necessity due to high volumes of spam sent to email
addresses in public newsgroups.
Sorry for any inconvenience.

 

[Murray]

Interesting idea. I suppose you could also just have a new submit button in
the <noscript> tags, too!

 

[Jon Spivey]

Curious that bots don't read noscript though - is that documented anywhere?

Cheers,
Jon

 

[Murray]

Honestly, I'm not sure. If it's a typical bot, I don't think they work from
a rendered page, so <noscript> tags become irrelevant, no?

 

[Jon Spivey]

Not a rendered page but surely they read the html as delivered by the server
and just ignore the tags they're not interested in but read the content
between? This is why the noscript tag works on every browser - if it doesn't
understand the tag it ignores it and reads whatever's inside. In the same
way as if you put
<murray>
some stuff
</murray>
Obviously Murray isn't a tag so a browser will ignore it but display the
content between. I can see that document writing a hidden field would make
automated submissions easy to catch - at the expense of making the form
unusable for non-js users.

I just wouldn't put money on the noscript tag distinguishing between users
and bots

Cheers,
Jon

 

[Murray]

Yeah - I'm not sure about that part of it, although the first part should
work well.

You could always have -

<noscript>This form requires javascript for proper operation. Please enable
it.</noscript>