Dinesh,

How is the spam being sent - through a form or using a regular email address?

Marshall

Do you have evidence that they are returning to your site each time? My work email address got into the wild a couple of years ago due to a colleague not protecting his laptop and I get spam every single day.

hello Marshall thanks alot for reply.

I am getting those mails using my own website forms. I am running a hotel website so there are around 300 hotel pages. and each page have a booking form. Someone sending spam mails using that booking forms.

Spam mails consists adult website url's...etc

If somebody comes to your site and decides to fill in your contact form with garbage, there's really not much you can do about it.

Welcome to the wonderful world of domain ownership.

Eliz.

....All are spam mails. I have added a verification code using javascript but still getting many mails.

First, understand this is most likely an automated process and the attack is not hitting the form page. They are querying the form processor directly with a robot (automated program), which circumnavigates any "validation" on the form page. You need to turn your attention to the form processor itself.

....Spam mails consists adult website url's...etc

Two functions absolutely must be added to your form processor: figure out how to make it log the raw submitted data. Then seek out any malicious content (links of any kind) and stop the program immediately if found.

Consider a possibility, for a moment: your form processor does not adequately cleanse the input data and what if the robot sends data in such a way that it creates IT'S OWN BCC field? This is a common attack. You get one email, AOL gets 1000. And being a BCC, you never hear about it until your ISP warns you to remove the scripts because their IP is getting blacklisted.

There are many more.
Form abuse thread [webmasterworld.com]