The Poorhouse is deadly opposed to the great evil that is spam, not least the perils of webform spam. Whoever first thought inventing a little program that toured the web typing in "Extra Good Viagra $1!!!" into a contact form and pressing send approximately 100 times a minute...well...no punishment is bad enough to exert.

In the course of being involved in a few sites, the Poorhouse has developed/stolen/borrowed a few simple ideas to combat it by pre-processing the input entered into the form before taking whatever action is required with the information. This could be sending an email to a member of the site, filling an entry in a database, and so on.

Below is a small PHP script that combines a few of these in a genericish way such that you can plug it into any PHP-enabled site you wish to allow spam to be tested for easily. It is in no way complicated, magic or original, but it has proved useful on numerous sites.

It tests for the following indicators of spam:

• the message contains a high number ("high" can be defined by you) of weblinks - starting <a href=.... or [url=....
• the sender's email address does not appear to be in a valid format
• the sender's email address contains new line characters indicative of header injection attempts
• the message contains any specific words of your choice - "viagra" being the obvious one
• the sender's email address contains any specific words of your choice - e.g. is from a certain domain

It also, optionally, logs its decisions as to whether it the message is spam, the message content itself, and various useful details such as IP address, referrer and user agent to a MySQL database.

Feel free to download it below. No restrictions, no guarantee that it won't destroy anything.

Installation and usage instructions