To avoid spammers, what's a good strategy for imposing limits on users when sending email from our site? A count limit per day on individual IPs? Sender emails? Domains? In general terms, but recommended figures will also be helpful.

Our users can send emails through our web page. They can register and log in but are also allowed to do this without logging in, but with a captcha and with a field for the sender's email. Certainly, there is a header, "The user has sent you the following message.", limiting the use for spammers, so perhaps it's not a big problem.

Any comments on what I'm doing will be greatly appreciated.

+1  A: 

IP addresses, not sender emails, which can be easily rotated and faked.

Delan Azabani
As can IPs by using the thousands of open proxies, and even dynamic ranges on DSL.
Rowland Shaw
Great point. I forgot about that...
Delan Azabani
+1  A: 

Check source IP address against an RBL or botlist.
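
An added example, not code from either answer: one way to combine the two suggestions above, a DNSBL lookup on the source IP followed by a per-IP sliding-window cap. The zone `dnsbl.example.org`, the figure of 5 messages per 24 hours, and the treatment of `127.255.255.0/24` as a "query refused" range are assumptions; check the return codes documented by the list you actually use.

```python
import ipaddress
import socket
import time
from collections import defaultdict, deque

DNSBL_ZONE = "dnsbl.example.org"  # hypothetical zone, substitute the list you use
MAX_PER_WINDOW = 5                # assumed figure, tune it from your own traffic
WINDOW_SECONDS = 24 * 3600
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # assumed "query refused" range
_sent = defaultdict(deque)        # ip -> timestamps of accepted sends


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Reversed octets (IPv4) or nibbles (IPv6), followed by the list's zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # ends in-addr.arpa / ip6.arpa
    return f"{reverse.rsplit('.', 2)[0]}.{zone}"


def dnsbl_status(ip, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """Return 'listed', 'clean', or 'unknown' when the answer cannot be trusted."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except socket.gaierror as exc:
        # No such name means "not listed"; a temporary failure tells us nothing.
        return "unknown" if exc.errno == getattr(socket, "EAI_AGAIN", None) else "clean"
    except (OSError, ValueError):
        return "unknown"
    if answer in LISTED_NET and answer not in ERROR_NET:
        return "listed"
    return "unknown"              # error code, or a resolver rewriting NXDOMAIN


def allow_send(ip, now=None, resolve=socket.gethostbyname):
    """Refuse listed sources, then apply a sliding-window cap per source IP."""
    now = time.time() if now is None else now
    if dnsbl_status(ip, resolve=resolve) == "listed":
        return False
    stamps = _sent[ip]
    while stamps and now - stamps[0] >= WINDOW_SECONDS:
        stamps.popleft()          # forget sends that fell out of the window
    if len(stamps) >= MAX_PER_WINDOW:
        return False
    stamps.append(now)
    return True
```

An "unknown" lookup result fails open here, so a DNS outage does not stop legitimate mail while the per-IP cap still applies.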