php - How can I protect our site from email subscription spamming?

Question

Our site has email input field for service launch notification. We do not use this for newsletters, only for notification. So I tested our site for basic vulnerabilities and found out that our email list fills up with spam email addresses.

I have this kind of php code to prevent spamming but still SOMEHOW they come through: (I have html form, email input and required checkbox input)

if(isset($_POST['submitbutton'])){
    if(filter_var($_POST['emailinput'], FILTER_VALIDATE_EMAIL) && isset($_POST['checkbox'])){
        $email = $_POST['email'];
        @file_put_contents('../outofpublicrootdir/emaillist.txt', $email . ";\n\r", FILE_APPEND);
        $mailnotifysend = 'You have been added to our notify list!';
    }
}

Can you help me somehow?

Answer 1

Whilst a captcha will reduce spam, it will certainly reduce legitamate signups as well.

You can instead use a few simple unobtrusive steps.

• Rename your form fields in your html - name the email field "first-name" or similar,and have another field called "email", that you hide with css (dont make it type=hidden, as this is a giveaway for spambots)

• create a random token, save it into $_SESSION via an ajax call, put it into a hidden field, and confirm they match on submission - generic spam bots rarely parse javascript

Answer 2

You can try using validation key when inputting emails for notification. for example, generating a random codes, then the user should fill in the codes correctly before he can submit an email. You should also add this feature to your code.

Answer 3

The answer is simply use captcha for example http://www.google.com/recaptcha/intro/

you can also use some fields named "email" etc. and hide them in css then check in php if they are filled if so then ignore submission.

To be 100% sure that you allow all proper emails use Regex based on RFC which you can find here