My site has the following code to send email.

// Send the form only when the submitted captcha matches the one stored in the session.
if($_SESSION["captcha"]==$_POST["captcha"]) {

// Build the message body from the posted form fields.
$msg="Require Services :\t$_POST[service]\n";
$msg.="Name :\t$_POST[name]\n";
$msg.="Company Name :\t$_POST[co_name]\n";
$msg.="Address :\t$_POST[address]\n";
$msg.="Mobile :\t$_POST[mobile]\n";
$msg.="Phone :\t$_POST[phone]\n";
$msg.="E-mail :\t$_POST[email]\n";
$msg.="Message :\t$_POST[message]\n";

$subject=$_POST["subject"];
$to="[email protected],[email protected]";
// The address typed into the form is used for both From and Reply-To.
$headers="From: $_POST[email] <$_POST[email]>\r\n";
$headers .= "Reply-To: $_POST[email]\r\n";

mail($to,$subject,$msg,$headers);
}

?>

Even after using captcha to reduce junk mail I still get a lot of junk. Does anyone have any suggestions or improvements to my code they could provide?

+1  A: 

I'm not sure if this is the cause of your problem, but you should unset $_SESSION["captcha"] in that file so that the user has to type the captcha once per e-mail. The way it is now, they could hit refresh after submitting the form and send as many e-mails as they wanted very quickly.

yjerem
Thanks a lot!! I just had not cared about it. Now I'm just trying.

+1  A: 

Add a new input field, label it "Please leave blank", hide it using CSS, and ignore the post if that field is filled in. Something like this:

<style type='text/css'>
#other_email_label, #other_email {
    display: none;
}
</style>
...
<form action='mail' method='post'>
<label id='other_email_label' for='other_email'>Please leave blank:</label>
<input type='text' name='other_email' id='other_email'>
...
</form>

So a human being won't see that field (unless they have CSS turned off, in which case they'll see the label and leave it blank) but a spam robot will fill it in. Any post with that field populated must be from a spam robot.

RichieHindle
Intriguing technique. +1 for creativity.
zombat
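
A server-side check that combines both answers, the one-time captcha and the hidden "please leave blank" field, as an added example that is not code from the question or from either answerer. The helper name `reject_reason` and the e-mail syntax check are assumptions added here; `other_email` is the field name from the form above.

```php
<?php
// Added example: one-time captcha plus honeypot check for the contact form.
session_start();

// Returns null when the post may be mailed, otherwise a rejection reason.
// reject_reason() is a hypothetical helper name, not part of the original site.
function reject_reason(array $post, array &$session): ?string
{
    // One-time captcha: remove the expected value from the session before any
    // other check, so a refresh or replayed POST cannot reuse a solved captcha.
    $expected = $session['captcha'] ?? '';
    $expected = is_scalar($expected) ? (string) $expected : '';
    unset($session['captcha']);

    // Honeypot: the CSS-hidden "other_email" field must arrive empty.
    $trap = $post['other_email'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return 'honeypot filled';
    }

    // Compare only when a captcha was actually issued for this session.
    $given = $post['captcha'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return 'captcha mismatch';
    }

    // Assumption beyond the answers: the address is copied into the mail
    // headers, so accept only a syntactically valid one. This filter rejects
    // any value containing CR or LF.
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }
    return null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $reason = reject_reason($_POST, $_SESSION);
    if ($reason !== null) {
        // Log the reason server-side; tell the client nothing specific.
        error_log("contact form rejected: $reason");
        http_response_code(400);
        exit('Message not sent.');
    }
    // Build $msg, $subject and $headers as in the question, then call mail().
}
```

Logging the rejection reason shows how much of the junk each check is catching, which helps decide whether the honeypot or the captcha needs tightening.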