Updated website email immediately available to spammers?

I started to receive spam at the email address which was only used on my site’s contact form (http://philipowens.com/contact/), so I deleted that email addy at my web hoster, created a new one, updated Rapidweaver with it and thought that would be the end of spam. But within a day or two, I was receiving spam again - at the completely new address. This is the only place that email address is used, so it must be ‘leaking’ from my site, despite that as far as I can tell, it’s hidden - looking at the source of the page it looks like:

<div style="display: none;">
			<label>Spam Protection: Please don't fill this in:</label>
			<textarea name="comment" rows="1" cols="1"></textarea>
		<input type="hidden" name="form_token" value="18171605415c54df29b9783" />
		<input class="form-input-button" type="reset" name="resetButton" value="Reset" />
		<input class="form-input-button" type="submit" name="submitButton" value="Submit" />

Any ideas what I can do?


I took a look and don’t see any email addresses in the clear. is the spam a form being submitted or something else?

No, the emails aren’t (I believe) coming via the form as they are cookie-cutter spam, and surely the spammers aren’t typing each of these into the web interface?

Spammers often try random common address prefixes like info@, contact@ etc, Is that a possibility in your case?

1 Like

Are they all coming from the same place?

They are much more clever than that: there are sophisticated tools to autofill any and every form they trawl for and pass their muck our way.


1 Like

Ah, hadn’t thought of that. And that would explain why the same spam (almost all is German language spam, oddly enough) continued even after I’d changed the email address - likely their infernal ‘spam machine’ just kept returning to the same URL. Thanks for this heads up, it hadn’t occurred to me.

Largely, yes. And your thesis fits because the spam continues to arrive formatted per that contact form output.

So the question now is - is there any way I can prevent this?

If you install CAPTCHA, they’d have to be pretty determined manually to comply with its requests every time; which isn’t saying that they won’t - alas.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.