Hi.
Looking for some feedback on how to prevent a specific spam attack.
I have a form for a person to subscribe to a mailing list and they can
type in their email and click submit to subscribe. They then are sent
an email asking them to click a link to confirm. How can I prevent a
spammer from simply looping through thousands of emails and populating
my email list table with thousands of records and crashing the system?
I have to insert first to get the id of the inserted record to have the
person click the confirmation link in the email sent to them.
I.e.:
1. submit email address to system (validate it server side)
2. if all is ok, and it is good data, insert it into the db and get the
id of the record just inserted
3. construct the email to the person, construct a confirm link using
the id in the querystring, and send it out.
4. redirect to thank you page explaining confirmation email was sent.
So how can I stop a spammer from jamming thousands of emails in the
system in 10 seconds?
I thought of using some sort of time test, such as 3 seconds, and if a
submission happens in 3 seconds past the initial one, somehow testing
for a loop and tons of hits, don't allow it. However, I am not clear on
how to program such a solution.
Does anyone have a way of programming this protection?
Any input is greatly appreciated.
Thanks.
Justin
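
An added example, not part of the original post: one way to program the time test described above, as a check that runs before the insert in step 2. It assumes submissions are keyed by client IP and adds a hypothetical hourly cap; the class and function names and the in-memory storage are illustrative choices, and the sample traffic is constructed.

```python
import time
from collections import defaultdict, deque

MIN_GAP_SECONDS = 3      # the "3 seconds" test from the post
MAX_PER_WINDOW = 5       # assumption: accepted submissions per client per window
WINDOW_SECONDS = 3600    # assumption: one-hour window


class SubscribeThrottle:
    """Decide, before the INSERT, whether a client may submit the form."""

    def __init__(self, min_gap=MIN_GAP_SECONDS, max_per_window=MAX_PER_WINDOW,
                 window=WINDOW_SECONDS, clock=time.monotonic):
        self.min_gap = min_gap
        self.max_per_window = max_per_window
        self.window = window
        self.clock = clock                     # injectable so it can be tested
        self._accepted = defaultdict(deque)    # client key -> accepted timestamps
        self._last_attempt = {}                # client key -> time of last attempt

    def allow(self, client_key):
        now = self.clock()
        accepted = self._accepted[client_key]
        # Forget accepted submissions that have aged out of the window.
        while accepted and now - accepted[0] >= self.window:
            accepted.popleft()
        last = self._last_attempt.get(client_key)
        # Record every attempt, so a tight loop keeps resetting its own timer.
        self._last_attempt[client_key] = now
        if last is not None and now - last < self.min_gap:
            return False                       # too soon after the previous hit
        if len(accepted) >= self.max_per_window:
            return False                       # slow but persistent client
        accepted.append(now)
        return True


def simulate_burst(throttle, client_key, attempts, step, clock_box):
    """Constructed traffic: `attempts` posts spaced `step` seconds apart."""
    ok = 0
    for _ in range(attempts):
        if throttle.allow(client_key):
            ok += 1
        clock_box[0] += step
    return ok
```

Call allow() with the request's client address at the top of the form handler and skip both the insert and the confirmation email when it returns False. With more than one web server, the two dictionaries would need to live in the database or a shared cache instead of process memory.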