Reputation: 11
So I got this PHP code for a "Contact us" form online (I do not code PHP myself), but it contains my e-mail address in full. Does the following form make my e-mail safe from spammers?
contact.php file (real email has been replaced by [email protected]):
<?php
// Contact Form
// Get posted data into local variables
$EmailFrom = trim(stripslashes($_POST['EmailFrom']));
$EmailTo = "[email protected]";
$Subject = "A User Has Contacted You";
$Name = trim(stripslashes($_POST['Name']));
$Message = trim(stripslashes($_POST['Message']));

// Validation
$validationOK = true;
if (trim($EmailFrom) == "") $validationOK = false;
if (trim($Name) == "") $validationOK = false;
if (trim($Message) == "") $validationOK = false;
if (!$validationOK) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
    exit;
}

// Prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";

// Send E-Mail
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// Redirect to Success page
if ($success) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=success.htm\">";
} else {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>
HTML snippet:
<form method="POST" action="contact.php">
...
</form>
I've read that e-mail addresses contained in PHP are completely safe from crawlers since it is all server side (that is assuming your server/site is secure). I'm not sure if this is true or not; there's so much information out there that I couldn't find a definitive answer after searching online. If someone could confirm whether this code is safe to use or not, that would be great, thanks!
Upvotes: 1
Views: 3618
Reputation: 1
Simple answer: you are safe, because the PHP elements will only be processed on the server, so there is no way for anyone to see your email address.
Upvotes: 0
Reputation: 3269
Your e-mail is protected since it's all server side, unless, for example, he has FTP access to your website or you have some type of vulnerability.
Also you might want to consider something like this to prevent flooding.
session_start();
define('TIME_INTERVAL', 120);

// Block a second submission from the same session within TIME_INTERVAL seconds
if (isset($_SESSION['ip']) && (time() - $_SESSION['last_post']) < TIME_INTERVAL) {
    die('stop spamming !');
}

// Record this submission so the next one can be rate limited
$_SESSION['last_post'] = time();
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
Also, regarding your e-mail validation, you might wanna take a look at this, which also validates the domain of the email to see if it's an existing email server.
function validate_mail($email)
{
    // Syntactic check first: FILTER_VALIDATE_EMAIL guarantees exactly one '@'
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // split() was removed in PHP 7; explode() does the same job here
        list($username, $domain) = explode('@', $email);
        // Then check that the domain actually publishes an MX record
        if (checkdnsrr($domain, 'MX')) {
            return true;
        }
    }
    return false;
}
Upvotes: 1
Reputation: 9136
The address is safe, except in the unlikely event that the file gets served as plain text and is readable (as Sean says), but you should read up on email injection attacks as you're vulnerable to those.
Upvotes: 1
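To make the injection point in the question's script concrete, here is an added example (not code from the question or any of the answers) of checking the user-supplied From address before it is handed to mail(); the function names contains_header_break and safe_from_address are assumptions of this example.

```php
<?php
// Added example: header-injection-safe handling of the visitor's address
// for the contact.php script in the question. Function names are assumed.

// mail() pastes its $additional_headers argument straight into the message
// header block, so a CR or LF inside $EmailFrom lets the sender terminate
// the From: line and append header lines of their own. Reject those inputs.
function contains_header_break($value)
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns a cleaned address, or null when the input must not reach mail().
function safe_from_address($raw)
{
    $email = trim($raw);
    if (contains_header_break($email)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL also rejects whitespace, angle brackets and
    // missing domains, so nothing but a plain address gets through.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

// Usage in place of the unchecked "From: <$EmailFrom>" header:
$EmailTo = "[email protected]";           // site owner's address, as in the question
$Subject = "A User Has Contacted You";
$Body    = "Name: " . trim($_POST['Name'] ?? '') . "\n"
         . "Message: " . trim($_POST['Message'] ?? '') . "\n";

$EmailFrom = safe_from_address($_POST['EmailFrom'] ?? '');
if ($EmailFrom === null) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
    exit;
}
// Keep the site's own address in From: and put the visitor's in Reply-To:,
// so the mail is still easy to answer without forging From: for other domains.
$headers = "From: " . $EmailTo . "\r\n"
         . "Reply-To: " . $EmailFrom . "\r\n";
$success = mail($EmailTo, $Subject, $Body, $headers);
```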
Reputation: 16989
Unless they have access to that file and read it, you're fine. They can't get at it. It's all server side like you said.
Upvotes: 1