I have a simple form that users use to register their email address for a newsletter.
I want to prevent spammers submitting 000's of fake emails. What's the best way to do this?
I thought about limiting the number of inputs from each IP address to, say, 60 per hour, but then thought anyone determined will simply spoof their IP as part of the attack.
Any ideas?
*EDIT: I am looking for a server-side solution. In this situation, UX is important so I don't want to use a captcha, or ask the user to validate with a token
You could do something like this,
function validEmail($email){
if (filter_var($email, FILTER_VALIDATE_EMAIL)){
list($user,$domain) = explode('@',$email);
return checkdnsrr($domain, 'MX');
}
return false;
}
it may not pick up every fake email, but I always validate their email by sending them a validation email with a link.
EDIT:
As for spam on a form use CSRF, that should prevent most spam (at least in my experience)