jspivack

Reputation: 51

Piping email to a program & preventing rapid-fire spam submissions

I'm working on a site where, ideally, anyone will be able to email a specified address and attach a photo to their message (e.g. from an iPhone). This address will be set to pipe the email to a PHP script, which will then process this photo and store it on our server.

I can see this system being pretty easy to abuse: someone sets up a page on their own server to repeatedly spam the address with photos, clogging up our storage space and server resources. Anyone have a suggestion on how to minimize this risk?

Thanks!

Upvotes: 3

Views: 182

Answers (2)

Sabeen Malik

Reputation: 10880

I don't see a foolproof method here. However, you can treat this process like a user registration process. Once someone sends an email to you, you store the email in temporary storage and send an auto-generated message back to the originating email address, asking them to click on a unique link to confirm or to reply to that email with some special text.

Upvotes: 3

Chris Laplante

Reputation: 29668

A few options, off of the top of my head. I'd use a combination, though:

  1. Use a registration system (guarded with a CAPTCHA) so that only registered users can use the service; give each user their own secret email address, and only accept emails from their registered address. (Yes, their address can be spoofed, but it's at least some protection against casual abusers.)
  2. Require that the user put a secret code in the subject line so that even if their from address is spoofed by an attacker, they'd also need to know the code or else the message is rejected.
  3. Set up per-account limiting.
  4. Limit the photo size so someone doesn't try to upload a 100 MB photo repeatedly.

Upvotes: 4
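
The checks listed in the answer above (registered sender, secret code in the subject, per-account limit, size cap) can be combined into one gate that runs before the photo is processed. This is an added example, not code from either answer; the limits, the account table, the function names and the in-memory log are all assumptions.

```php
<?php
// Added example: gate for a piped-mail handler. All names, limits and the
// sample account table below are assumptions for illustration.
const MAX_BYTES    = 5 * 1024 * 1024; // size cap for the whole raw message
const MAX_PER_HOUR = 10;              // per-account submission cap

// Constructed sample data: registered sender => secret subject code.
$accounts = ['alice@example.com' => 'k3Jq9xT2'];

function header_value(string $headers, string $name): string {
    // Unfold continuation lines, then take the first header with this name.
    $unfolded = preg_replace('/\r?\n[ \t]+/', ' ', $headers);
    if (preg_match('/^' . preg_quote($name, '/') . ':[ \t]*(.*)$/mi', $unfolded, $m)) {
        return trim($m[1]);
    }
    return '';
}

function check_message(string $raw, array $accounts, array &$log, int $now): string {
    if (strlen($raw) > MAX_BYTES) return 'reject: too large';
    $headers = preg_split('/\r?\n\r?\n/', $raw, 2)[0];
    $from = header_value($headers, 'From');
    if (!preg_match('/[^\s<>"]+@[^\s<>"]+/', $from, $m)) return 'reject: no sender';
    $sender = strtolower($m[0]);
    if (!isset($accounts[$sender])) return 'reject: unknown sender';
    // Subject must equal the code; hash_equals compares in constant time.
    $subject = header_value($headers, 'Subject');
    if (!hash_equals($accounts[$sender], $subject)) return 'reject: bad code';
    // Sliding one-hour window of accepted submissions for this account.
    $recent = array_filter($log[$sender] ?? [], fn($t) => $t > $now - 3600);
    if (count($recent) >= MAX_PER_HOUR) return 'reject: rate limit';
    $recent[] = $now;
    $log[$sender] = array_values($recent);
    return 'accept';
}

// Constructed sample message. A real pipe script would read a bounded amount:
// $raw = stream_get_contents(STDIN, MAX_BYTES + 1);
$raw = "From: Alice <alice@example.com>\r\nSubject: k3Jq9xT2\r\n\r\n(photo attachment)";
$log = []; // assumption: a real handler keeps this in a database, since each mail is a new process
for ($i = 1; $i <= 12; $i++) {
    echo $i, ': ', check_message($raw, $accounts, $log, time()), "\n";
}
```

Reading at most `MAX_BYTES + 1` bytes from the pipe keeps an oversized message from being loaded into memory before it is rejected.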
