

Website Technology Issues Forum

"Safe" Tell A Friend Script
Prevent Mis-Use By Spammers

 2:54 pm on Jan 21, 2005 (gmt 0)

I'm thinking of modifying my board to have a "Tell A Friend" link by each post.

I have heard of spammers or other anti-e-social types using such scripts to forward spam or unpleasant messages.

Has anyone seen a "Tell A Friend" script & mailer that has reasonable protections against such mayhem? If so, where?




 6:31 pm on Jan 22, 2005 (gmt 0)

I moved this to Website Technology in the hope that it would get a little more activity. I'm a big fan of "tell a friend" functionality. If you search for "secure tell a friend script" you get some hits, but I'd be interested to see if someone has experience with the techniques needed to avoid rogue use.


 6:38 pm on Jan 22, 2005 (gmt 0)

Hi. I wrote my own "Tell-a-friend" script which uses the user's email address and name.

It prevents spamming since the outgoing email has the sender's name and address on it, so it better be going to only friends.

That information comes from the database as part of their profile so they are not apt to spam.


 7:08 pm on Jan 22, 2005 (gmt 0)

I'm glad you asked this because I'm wanting to do something similar so it made me think of something I hadn't thought about.

I think I'd definitely limit the fields to "email" and "sender's name".

Another thing I would do is limit the number of times a person could refer a link to someone to prevent malicious/annoying email. I'd also make sure there was no way the mailer worked unless the referer was from the page you have the "send to a friend" link on.

If you want the person sending the link to be able to enter their name, how about just limiting the "sender" field to 15 characters or so? If you want to prevent links from being sent, I'd use a string checker to check and make sure there's no "http://" or "www".


 1:18 am on Jan 23, 2005 (gmt 0)

As a (very) basic measure, you could create an MD5 hash for the time (and additional seed words?) and have it as a hidden input on the tell-a-friend page, then, when the page is POST'd, you could compare the hash against the new time hash, and if it's within 2 seconds, don't send it, assuming it's spam. Not perfect by any means, but it may cull some of the more basic spam you might face.

It's late though, so someone will surely come along and point out all the flaws while I'm asleep :)
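
The hidden-timestamp check from the post above, combined with the sender-name and per-sender limits suggested earlier in the thread, as an added example that is not part of any poster's message. It uses HMAC-SHA256 with a server-side secret in place of MD5 with seed words; the secret, the one-hour expiry, the limit of three referrals and all function names are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side secret, never sent to the browser
MIN_FILL_SECONDS = 2     # the thread's threshold: faster than this is treated as a bot
MAX_AGE_SECONDS = 3600   # assumption: stale forms are rejected after an hour
MAX_NAME_LEN = 15        # sender-name limit suggested in the thread
MAX_PER_SENDER = 3       # assumption: referrals allowed per sender
sent_counts = {}         # sender id -> referrals sent; stand-in for a real store

def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def issue_token(now=None):
    """Value for the hidden form field: '<unix time>.<HMAC of that time>'."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"

def token_problem(token, now=None):
    """Return None if the token is acceptable, otherwise the reason it is not."""
    now = time.time() if now is None else now
    ts, _, mac = token.partition(".")
    # Constant-time comparison; without SECRET the timestamp cannot be altered.
    if not hmac.compare_digest(mac.encode(), _sign(ts).encode()):
        return "bad signature"
    age = now - int(ts)
    if age < MIN_FILL_SECONDS:
        return "submitted too fast"
    if age > MAX_AGE_SECONDS:
        return "token expired"
    return None

def name_problem(name):
    """Apply the thread's sender-name rules: short, and nothing link-like."""
    if not name.strip() or len(name) > MAX_NAME_LEN:
        return "bad length"
    lowered = name.lower()
    if "http://" in lowered or "www" in lowered:
        return "looks like a link"
    return None

def check_submission(token, sender_name, sender_id, now=None):
    """Run every check; count the referral only when all of them pass."""
    problem = token_problem(token, now) or name_problem(sender_name)
    if problem is None and sent_counts.get(sender_id, 0) >= MAX_PER_SENDER:
        problem = "rate limit reached"
    if problem is None:
        sent_counts[sender_id] = sent_counts.get(sender_id, 0) + 1
    return problem
```

A token stays valid until it expires, so the per-sender count is what bounds repeated submissions of the same form.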


All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved