I'm not sure if this is exactly possible, but figured I'd throw it out there.

I have a client that is getting some hate-mail from somebody he knows via a contact form on a website that I developed for him. Currently I do the normal checks for a validly-formatted email address, along with a Captcha, but the client has requested that a user enter his/her own email address in the form.

Now I realize that something like this could be easily spoofed by setting up a fake Yahoo account, etc., but the client's thinking is that this person is not quite that computer-literate.

Is there any possibility for checking if an email address is valid and in-use? The only other thing I can think of is turning his contact form into a mailto: link.

+7  A: 

The only way to confirm an email address is in use is to send an email to it with a unique token, and have them pass the token back to you (usually by clicking a link). This is typically how mailing list signups work.

There are theoretical ways to tell in the SMTP protocol, but many (or maybe even most) servers don't respect those due to problems with spammers abusing them.

David Dorward
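
The confirmation flow described in the answer above, as an added example that is not part of the original answer: the form holds the message, mails a single-use link to the claimed address, and delivers the message only once that link is opened. The function names, the 24-hour lifetime, the in-memory store and the example.com URL are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Assumptions (not from the original post): all names, the 24-hour lifetime,
# the in-memory store and the example.com URL are illustrative.
TOKEN_TTL = 24 * 3600
CONFIRM_URL = "https://example.com/contact/confirm?token={}"

# token digest -> (email, message, expiry); a real site would use a database table.
_pending = {}


def _digest(token):
    # Store only a hash so a leaked table does not reveal usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def submit(email, message, now=None):
    """Hold the message and return the link to mail to the claimed address."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable and unique per submission
    _pending[_digest(token)] = (email, message, now + TOKEN_TTL)
    return CONFIRM_URL.format(token)


def confirm(token, now=None):
    """Return (email, message) to deliver, or None if the token is unknown,
    already used, or expired. Each token works exactly once."""
    now = time.time() if now is None else now
    entry = _pending.pop(_digest(token), None)
    if entry is None:
        return None
    email, message, expiry = entry
    if now > expiry:
        return None
    return email, message


if __name__ == "__main__":
    # Constructed sample submission.
    link = submit("visitor@example.org", "Hello, I have a question.")
    token = link.split("token=", 1)[1]
    print(confirm(token))  # delivered once
    print(confirm(token))  # replay is rejected
```

The message never reaches the client unless the sender can read mail at the address they typed, which is the property the answer relies on.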
A: 

Although it may not work, I find Akismet ( http://akismet.com/ ) fairly good at blocking spam and unwanted emails in forms and comments.

If that fails and the problem is only one individual you can blacklist by IP, or even by browser fingerprint ( http://www.h-online.com/security/news/item/EFF-demonstrates-a-browser-s-finger-print-918786.html ). Ultimately it is impossible to stop someone though if they are dedicated.

DCD
A: 

Why not just not send this email if the message contains some commonly used abuse word or the abuser's IP address?

Col. Shrapnel