secure email form in PHP

Discussion in 'Web Design and Development' started by cwesty, Sep 5, 2006.

  1. cwesty macrumors member

    Oct 22, 2005
    Evening all!

    After a recent issue with spam I had to remove my old contact.php page.

    Can anyone provide info for a secure script? Not necessarily the code, but a useful link that I can use.

    Cheers in advance.
  2. Stampyhead macrumors 68020


    Sep 3, 2004
    London, UK
    Your best bet would be using regular expressions in PHP to check that the data entered into your email field is a valid email address. In my experience spammers usually hijack this particular field by adding HTML email headers to it so they can gain control of your script. Using regular expressions can make sure that nothing except "something@something.something" is entered in your email field. A good place to look for help on this is the PHP forums on Let me know if you need any more help with this.
  3. 4np macrumors 6502a


    Feb 23, 2005
    The Netherlands
    That could be a solution; however besides the regular expressions you would have to make sure the email address is indeed valid. In my email validation I check for example for mx records of the domain part and a smtp server. There are tricks to ask the receiving smtp server if an email address is valid; however you cannot trust this because most smtp servers return false positives.

    I think the best solution would be to check for validity and create a banned word list for example. If then some words from the banlist are found you could either decide to trash the post or (if you send this contact info by email) add some spam headers to your email. You could then use procmail to filter this email to some other mailbox.

    ...or something... ;)

    ps. you can use this regular expression for email validation; it's RFC 2822 compliant: ^([a-zA-Z0-9\.\_\~\+\=\*\'\-]+)@((([a-zA-Z0-9_\-]+)([\.]{1}))+)([a-zA-Z]{2,4})$

    ps 2. here is a short article on the matter:
  4. ChicoWeb macrumors 65816


    Aug 16, 2004
    I'm not sure what you mean by "Secure"... Do you mean a script that doesn't display your email address??? There's tons of them. If you want, PM me and I'll show you the way to mine.
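The header hijacking Stampyhead describes and the validity checks 4np suggests, combined in one sketch. This is an added example, not code from any poster in the thread: it uses PHP's built-in `filter_var` instead of the regular expression quoted above, the function names are hypothetical, and all addresses are constructed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical
// and every address below is constructed.

// CR, LF or NUL in a header-bound value would let it start a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns [clean values, names of rejected fields]. Only e-mail and subject
// reach mail headers; the message body may legitimately contain newlines.
function check_contact_form(array $in, bool $checkMx = false): array
{
    $clean = [];
    $errors = [];
    foreach (['email', 'subject'] as $field) {
        $raw = $in[$field] ?? '';
        if (!is_string($raw) || trim($raw) === '' || has_header_break($raw)) {
            $errors[] = $field;
            continue;
        }
        $clean[$field] = trim($raw);
    }
    if (isset($clean['email'])) {
        if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'email';
        } elseif ($checkMx && !checkdnsrr(substr(strrchr($clean['email'], '@'), 1), 'MX')) {
            $errors[] = 'email';   // optional DNS lookup, off by default
        }
    }
    return [$clean, $errors];
}

// The From address is fixed by the site; visitor input only reaches Reply-To.
function build_headers(array $clean, string $siteFrom): string
{
    return "From: {$siteFrom}\r\nReply-To: {$clean['email']}";
}

$samples = [   // constructed form submissions
    ['email' => 'visitor@example.com', 'subject' => 'Hello'],
    ['email' => "visitor@example.com\r\nBcc: other@example.net", 'subject' => 'Hello'],
    ['email' => 'not-an-address', 'subject' => 'Hello'],
];
foreach ($samples as $in) {
    [$clean, $errors] = check_contact_form($in);
    echo ($errors ? 'rejected: ' . implode(', ', $errors) : build_headers($clean, 'webform@example.org')) . PHP_EOL;
}
```

Only a submission that passes with no errors should reach `mail()`, with `$clean['subject']` as the subject argument and the `build_headers()` result as the additional headers.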
