Our site has an email input field for service launch notifications. We do not use this for newsletters, only for notifications. I tested our site for basic vulnerabilities and found out that our email list fills up with spam email addresses.
I have this kind of PHP code to prevent spamming, but still SOMEHOW they come through: (I have an HTML form with an email input and a required checkbox input)
```php
if (isset($_POST['submitbutton'])) {
    // Accept only a syntactically valid address with the checkbox ticked.
    if (filter_var($_POST['emailinput'], FILTER_VALIDATE_EMAIL) && isset($_POST['checkbox'])) {
        // Store the same field that was validated above.
        $email = $_POST['emailinput'];
        @file_put_contents('../outofpublicrootdir/emaillist.txt', $email . ";\r\n", FILE_APPEND);
        $mailnotifysend = 'You have been added to our notify list!';
    }
}
```
Can you help me somehow?
The answer is simply to use a CAPTCHA, for example http://www.google.com/recaptcha/intro/
You can also use some fields named "email" etc. and hide them with CSS, then check in PHP whether they are filled; if so, ignore the submission.
To be 100% sure that you allow all proper emails, use a regex based on the RFC, which you can find here
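
The hidden-field check from the answer above, as an added example (not code from the original posts). The decoy field is named `email` as the answer suggests and the real field names come from the question; the `hp` CSS class, the `handle_signup` function and the temporary list file are assumptions made for illustration.

```php
<?php
// Form side (assumed markup): the decoy input is hidden from people with CSS,
//   <input type="text" name="email" class="hp" tabindex="-1" autocomplete="off">
//   .hp { display: none; }
// while the real address goes into "emailinput", as in the question.

function handle_signup(array $post, string $listFile): string
{
    if (!isset($post['submitbutton'])) {
        return 'no-submit';
    }
    // Decoy: a person never sees this input, so any value in it means
    // the form was filled in by a script. Drop the submission silently.
    if (isset($post['email']) && $post['email'] !== '') {
        return 'ignored-honeypot';
    }
    // filter_var() returns the validated string, or false on failure
    // (including when a script sends an array instead of a string).
    $email = filter_var($post['emailinput'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false || !isset($post['checkbox'])) {
        return 'invalid';
    }
    // Skip addresses already on the list so repeats do not grow the file.
    $existing = is_file($listFile)
        ? file($listFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : [];
    if (in_array($email . ';', $existing, true)) {
        return 'duplicate';
    }
    // LOCK_EX keeps concurrent requests from interleaving their writes.
    $ok = file_put_contents($listFile, $email . ";\n", FILE_APPEND | LOCK_EX);
    return $ok === false ? 'write-error' : 'added';
}

// Constructed sample submissions, run against a temporary list file.
$list = tempnam(sys_get_temp_dir(), 'list');
$samples = [
    'human' => ['submitbutton' => '1', 'emailinput' => 'alice@example.com', 'checkbox' => 'on', 'email' => ''],
    'bot'   => ['submitbutton' => '1', 'emailinput' => 'spam@example.net', 'checkbox' => 'on', 'email' => 'spam@example.net'],
    'bad'   => ['submitbutton' => '1', 'emailinput' => 'not-an-address', 'checkbox' => 'on'],
    'again' => ['submitbutton' => '1', 'emailinput' => 'alice@example.com', 'checkbox' => 'on'],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', handle_signup($post, $list), "\n";
}
unlink($list);
```

Showing a scripted submitter the same success message as a real one gives it no signal that the decoy field was the reason the address was dropped.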