I must admit I do not like formmail at all. At one side I try to get rid of spam (and help others to get rid of their spam) At the other side I help people creating their mail forms - and formmail can be quite an obstacle: - many versions include a referer check which would not really prevent a spam engine from abusing it, but has a high probability of preventing flash-based mail forms to work. - allowed recipients is a great feature if the users are happy with it, but it definitely breaks any attempts at sending a confirmation mail
Now that allowed recipients is saved either in a text file on the respective domain, or in a database populated by a control panel, I would probably change the script to disallow cc and bcc transmitted from the web - unless the site owner states the contrary in the same file or database A different point: I have been quite annoyed by people "testing" contact forms and typing rubbish text and email into them, so I have made it a habit to verify that email addresses are valid: no spaces, umlaut or accent characters, and a domain with an MX or at least A record. Adding this feature to formmail might help all sites on a server; it does not really prevent spam, although it might stop a few attempts ... but it does not block legitimate use of formmail either Wolfgang Hamann >> >> We had downloaded the latest anti-spam formmail.pl that has >> allowedReceipients. However, I think the spammer is violating it by >> putting the right receipient in the "To" field and then add a lot of >> Bcc receipients. Anyone knows if there's a formmail version that >> disallow any Bcc and Cc or at least checking them against >> allowedReceipients? Sorry for asking other question in this list, but >> I hope there are experts here who have good knowledge to fight spam. >> >> >>
