Top ASP 101 Stories What is Adovbs.inc and Why Do I Need It? An Overview of ASP.NET Connections, Commands, And Procedures QUICK TIP: Use Response.Write Instead of Building Strings Show All Tips >>  ASP 101 Updates

Quick Tips

Spam isn't just an e-mail problem anymore. Web forms are now a routine target of spammers. Whether your web site is a personal one just looking for feedback or a commercial site generating sales leads, getting dozens of entries for link exchanges or online gambling sites isn't anyone's idea of useful feedback.

Luckily there is something you can do about it. What you may not realize is that the people (or bots) filling out your forms actually give you more information then you receive from the form submission. This information is in the form of the items in the Request.ServerVariables collection.

For more information about the Request.ServerVariables collection, you might want to check out our ServerVariables sample code.

If you're routinely getting feedback from what you believe is the same source, try including a number of the server variables in your feedback to see if you can pick up a pattern. If you notice anything that makes the spammer's messages stand out from the rest, you can then use it to filter your responses. For example, many of the automated bots that fill out the forms don't send anything to identify themselves, so checking for the value of HTTP_USER_AGENT might help weed out some unwanted feedback:

If Request.ServerVariables("HTTP_USER_AGENT") = "" Then
	' Don't send feedback
Else
	' Send feedback
End If

The conditions to check for will vary based on sender, but checking the user agent, ip addresses, or even just seeing if the user's browser is storing an ASP session cookie can all be dead givaways. Sometimes you can even pick up patterns that you can check for in the actual messages the spammer is sending. Once you find a pattern, with a little trial and error you can usually distinguish real feedback from the repetitive spam. Eventually you'll be able to just ignore the spam request, but in the beginning it's better to just flag it as spam by doing something like adding the word spam to the subject line just in case you've flagged something incorrectly.

Once you find a way to differentiate real feedback from spam, please resist the urge to post messages to the spammer. This is a really bad idea. Not only will the spammer realize you've found a way to detect his messages and work to improve his methods (making detection harder for everyone), if you happen to make a mistake, you might get a message from a relatively annoyed visitor who might have been a potential client. The best course of action is to keep your web form's response the same. That way, the spammers won't realize you've caught on and won't change the patterns you've worked so hard to find.

If you have a tip you would like to submit, please send it to: webmaster@asp101.com.