Spamproofing the Archives

From: Steve Jones <classiccmp_at_crash.com>
Date: Sat Dec 7 13:34:00 2002

> The way I had thunk it, it would need to be both unique and
> reversable.

Nope, don't need to. When you add an email address to the database,
calculate the MD5 hash and store that with it. Make sure you've got
indices on the table for both the hash and the address. When some
user uses the form you get the hash back as an argument, form field,
whatever. Look it up in the table and you get the cleartext address.

Remember the goal is to never put the sensitive data - in this case
the email address - where someone browsing the website can get it.

> It's not. I have jack-asses posting spam to my VCF BBS and
> through my feedback form occasionally.

Good point, Sellam. So make the send/confirmation step include the
bit where the sender has to input some value from a graphic. Seems
like enough to exclude the scripts, provided you're careful about
the filenames of images, etc. Remember, you can have another
database table that relates the gibberish name of these graphics to
the text the sender is suppose to enter.

This is starting to sound like a fun little project...

--S.
Received on Sat Dec 07 2002 - 13:34:00 GMT