PHP form blocking domain

Question

I'm pretty new to PHP (I'm more partial to Ruby), but the website at my company has an email form that customers can fill out to order samples. I'm getting spam from it mostly from @yahoo domains. Is there a snippet of code that I can insert in my formmailer.php file that can prevent people from Yahoo from submitting something into the form?

Thanks for any suggestions in advanced!!

Update:

<form action="formmailer.php" method="post" id="contact" style="margin-bottom: 0;" onsubmit="return math_check()">

and for the script in used

<script type="text/javascript">
function math_check(){
var nr = document.getElementById("math_check").value;
 if (nr != 7) {return false;}
 else {return true;}
}
</script>

I do have to go and do some research on this so I have a better plan in the future. Thanks for all your help.

not good to keep out a domain like that. Better to add a captcha or a simple 3 + 4 = ? in javascript — Sergio, Jun 24 '13 at 13:38
So your company wants to deny all orders from customers who have Yahoo! email addresses? You might want to confirm that with the business before implementing it in the site. — David, Jun 24 '13 at 13:41
I want to do that so I don't get spam sent to the marketing person, and the marketing director wants that blocked, since we are a B2B he wants only business domains. — George, Jun 24 '13 at 13:52
So there is no possible customer that can have a yahoo account?! I would not do that. — Sergio, Jun 24 '13 at 13:54
That's what I told him, it's what he wants. I'm not his biggest fan. — George, Jun 24 '13 at 13:56
Just send a confirmation link to their mailbox. They click it, great. They don't, it's spam... — CodeAngry, Jun 24 '13 at 14:06

score 1 · Answer 1 · answered Jun 24 '13 at 13:39

1

Searching for the domain inside email address:

if (preg_match("/@yahoo/", $email)){
  //Yahoo domain detected.
}

answered Jun 24 '13 at 13:39

sybear

7,837
1
22
38

Cool, how would I implement that in my script? Would I just wrap my sender in that or create an if statement and use the mailing script as the else? – George Jun 24 '13 at 13:55

Sergio · Accepted Answer · 2013-07-22T16:42:32.333

0

Add one of this options to your files instead of blocking a whole domain:

PHP solution:
(Assuming you use a form with method POST)

on your form file:

3 + 4 = <input type="text" id="math_check" value="?" name="math_check" />

on your mail/php file:

$math_check = $_POST["math_check"];
if ( != 7) {die()};

You can also do this with javascript and maybe easier to say in case a human being misses that math test :)

Javascript solution:
(Demo here)

on your html:

<form action="formmailer.php" method="post" id="contact" style="margin-bottom: 0;" onsubmit="return false;">
    <input type="text" id="math_check" />
    <button type="submit" />Submit</button>
</form>

and the javascript that will submit only if number is 7:

window.onload = function () {
var form = document.getElementById("contact");
function math_check() {
    var nr = document.getElementById("math_check").value;
    if (nr != 7) {
        return false;
    } else {
        form.submit();
    }
}
form.addEventListener("submit", math_check, false);

};

edited Jul 22 '13 at 16:42

answered Jun 24 '13 at 13:43

Sergio

28,539
11
85
132

Would I be able to put that anywhere in my PHP form? I'm guessing that those are global variables. – George Jul 22 '13 at 14:31
I actually decided it would be easier to use your JS solution, thanks for that. Although now when I submit the form no matter what I put into the math_check input it still sends the form, I put the code I used in the original post as an update. Thanks again for the help. – George Jul 22 '13 at 14:53
@GeorgeOffley, nice I was helpful. I posted an updated answer matching your code and also a demo. Let me know if it works good for you. – Sergio Jul 22 '13 at 16:43

score 0 · Answer 3 · answered Jun 24 '13 at 13:44

Well I'm sure you could just check the input string for the email address form and check to see if the word 'yahoo' exists, like Jaris answer, but thats mad because any genuine users with Yahoo! Emails will get blocked. You should probably implement some sort of CAPTCHA such as reCAPTCHA to stop Spambots from filling in your form.

If you don't like CAPTCHAs you can try other ways of detecting if it is a real person submitting the form, such as a simple maths questions (although these can be broken quite easily, but if it's a low traffic site it will at least stop simple Spam bots). You can also use Honeypot fields or you can restrict the amount of times the form can be submitted. Check this page out for other alternatives to the CAPCTHA.

I'm not saying this will be foolproof but its better than blocking any poor soul who happens to use a Yahoo email address.

PHP form blocking domain

3 Answers3