Preventing (or reducing) Contact Form abuse
-
Hi, I'm writing an enquiry lead generation website. What suggestions does anyone have for preventing abuse of the Enquiry/Contact Form. I'm specifically thinking about preventing a site visitor from impersonating someone else by using their name and email address (which results in the innocent 'victim' receiving calls/emails from companies contacted!) Apart from forcing users to register and confirm their account by email, is there any other way I can use to guard against this type of Contact Form abuse? One option I had was to log all the details of the enquiry in a database and sending a confirmation email to the email address used on the enquiry form. If the enquiry was genuine, the recipient of the email is asked to click the confirmation link in the email which triggers the enquiry to be sent on to the target companies. Is this feasible? Thanks in advance for any help, Cheers Adrian
-
Hi, I'm writing an enquiry lead generation website. What suggestions does anyone have for preventing abuse of the Enquiry/Contact Form. I'm specifically thinking about preventing a site visitor from impersonating someone else by using their name and email address (which results in the innocent 'victim' receiving calls/emails from companies contacted!) Apart from forcing users to register and confirm their account by email, is there any other way I can use to guard against this type of Contact Form abuse? One option I had was to log all the details of the enquiry in a database and sending a confirmation email to the email address used on the enquiry form. If the enquiry was genuine, the recipient of the email is asked to click the confirmation link in the email which triggers the enquiry to be sent on to the target companies. Is this feasible? Thanks in advance for any help, Cheers Adrian
- CAPTCHA to prevent spambots dropping junk information. 2) After the form is submitted, hold the data in a quarantine table for a specified time and send a link to the user. If the user clicks that promote the message from quarantine to Sales Request or whatever. 3) If the message has not been resurrected for the specified time, then prepare to cremate it.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson -
- CAPTCHA to prevent spambots dropping junk information. 2) After the form is submitted, hold the data in a quarantine table for a specified time and send a link to the user. If the user clicks that promote the message from quarantine to Sales Request or whatever. 3) If the message has not been resurrected for the specified time, then prepare to cremate it.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis LevinsonThanks Vasudevan. I like the idea of the quarantine table until the enquiry is confirmed. Any suggestions as to how I fire off the enquiries in the form of emails once the enquiry is confirmed? This site will use a SQL2005 database so could I take advantage of functionality within SQL2005? Thanks Adrian
-
Thanks Vasudevan. I like the idea of the quarantine table until the enquiry is confirmed. Any suggestions as to how I fire off the enquiries in the form of emails once the enquiry is confirmed? This site will use a SQL2005 database so could I take advantage of functionality within SQL2005? Thanks Adrian
You may like to check this thread which has quick code snippets for triggering validation emails.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson -
You may like to check this thread which has quick code snippets for triggering validation emails.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis LevinsonHi, did you miss the link off your post?
-
Hi, I'm writing an enquiry lead generation website. What suggestions does anyone have for preventing abuse of the Enquiry/Contact Form. I'm specifically thinking about preventing a site visitor from impersonating someone else by using their name and email address (which results in the innocent 'victim' receiving calls/emails from companies contacted!) Apart from forcing users to register and confirm their account by email, is there any other way I can use to guard against this type of Contact Form abuse? One option I had was to log all the details of the enquiry in a database and sending a confirmation email to the email address used on the enquiry form. If the enquiry was genuine, the recipient of the email is asked to click the confirmation link in the email which triggers the enquiry to be sent on to the target companies. Is this feasible? Thanks in advance for any help, Cheers Adrian
I agree with Vasudevan about the quarantine idea. It is probably the better approach along with the other ideas he suggested. I don't really know the extent of abuse that such a site would have but his suggestions can help curb it.
"I guess it's what separates the professionals from the drag and drop, girly wirly, namby pamby, wishy washy, can't code for crap types." - Pete O'Hanlon
-
Thanks Vasudevan. I like the idea of the quarantine table until the enquiry is confirmed. Any suggestions as to how I fire off the enquiries in the form of emails once the enquiry is confirmed? This site will use a SQL2005 database so could I take advantage of functionality within SQL2005? Thanks Adrian
Through triggers or perhaps stored procedures. http://sqldev.net/xp/xpsmtp.htm[^] might help you.
"I guess it's what separates the professionals from the drag and drop, girly wirly, namby pamby, wishy washy, can't code for crap types." - Pete O'Hanlon
-
I agree with Vasudevan about the quarantine idea. It is probably the better approach along with the other ideas he suggested. I don't really know the extent of abuse that such a site would have but his suggestions can help curb it.
"I guess it's what separates the professionals from the drag and drop, girly wirly, namby pamby, wishy washy, can't code for crap types." - Pete O'Hanlon
Paul Conrad wrote:
I agree with Vasudevan about the quarantine idea. It is probably the better approach along with the other ideas he suggested. I don't really know the extent of abuse that such a site would have but his suggestions can help curb it.
Thanks Paul. Regarding type of abuse, I'm specifically trying to guard against competitor sites (their employees :() filling out the enquiry form on my site with fake details anonymously. I see this possibly causing bad feeling with those companies who would be paying a monthly fee for the leads my site sends them. Now I don't know for sure if this sort of abuse takes place. My only hint that it does is a note on the contact form of a competitor site indicating that any misuse of the enquiry form will be "reported and investigated and appropriate action taken". As for stopping SPAMBots, I'll go for the CAPTCHA aswell. Thanks Adrian
-
Paul Conrad wrote:
I agree with Vasudevan about the quarantine idea. It is probably the better approach along with the other ideas he suggested. I don't really know the extent of abuse that such a site would have but his suggestions can help curb it.
Thanks Paul. Regarding type of abuse, I'm specifically trying to guard against competitor sites (their employees :() filling out the enquiry form on my site with fake details anonymously. I see this possibly causing bad feeling with those companies who would be paying a monthly fee for the leads my site sends them. Now I don't know for sure if this sort of abuse takes place. My only hint that it does is a note on the contact form of a competitor site indicating that any misuse of the enquiry form will be "reported and investigated and appropriate action taken". As for stopping SPAMBots, I'll go for the CAPTCHA aswell. Thanks Adrian
A client of mine does sales lead generation and under our NDA I cannot really go into detail how he takes care of the problem. In short, we have not ever had the abuse happen.
BungleBonce wrote:
My only hint that it does is a note on the contact form of a competitor site indicating that any misuse of the enquiry form will be "reported and investigated and appropriate action taken"
That is perhaps the best route...
"I guess it's what separates the professionals from the drag and drop, girly wirly, namby pamby, wishy washy, can't code for crap types." - Pete O'Hanlon