DEPRECATION WARNING

This documentation is not using the current rendering mechanism and will be deleted by December 31st, 2020. The extension maintainer should switch to the new system. Details on how to use the rendering mechanism can be found here.

Spam Prevention

Introduction

bestpractice_spamshield1

Spamshield is a method to protect your mailforms from spam without the usage of a captcha field. After a submit, different spammethods must be passed:

  • Honeypod
  • Linkcheck
  • Namecheck
  • Sessioncheck
  • UniqueValues
  • String Blacklist
  • IP-Address Blacklist

Every submitted form will be checked with this methods. Every failed method adds a Spam-Indication-Number to a storage. The sum of the Spam-Indication-Numbers leads to a Spam-Factor (from 0 to 100%). Per default every mail with a Spam-Factor of 75% is declined with a message.

Configuration via TypoScript

Comprehensive Example

plugin.tx_powermail {
        settings.setup {
                spamshield {
                        _enable = 1
                        factor = 75
                        email = administrator@domain.org
                        emailSubject = Spam in powermail form recognized
                        emailTemplate = EXT:powermail/Resources/Private/Templates/Mail/SpamNotification.html
                        logfileLocation = typo3temp/logs/powermail_spam.log
                        logTemplate = EXT:powermail/Resources/Private/Templates/Log/SpamNotification.html

                        methods {
                                # Honeypot check
                                1 {
                                        _enable = 1

                                        # Spamcheck name
                                        name = Honey Pot

                                        # Class
                                        class = In2code\Powermail\Domain\Validator\SpamShield\HoneyPodMethod

                                        # if this check failes - add this indication value to indicator (0 disables this check completely)
                                        indication = 5

                                        # method configuration
                                        configuration {
                                        }
                                }

                                # Link check
                                2 {
                                        _enable = 1

                                        # Spamcheck name
                                        name = Link check

                                        # Class
                                        class = In2code\Powermail\Domain\Validator\SpamShield\LinkMethod

                                        # if this check failes - add this indication value to indicator (0 disables this check completely)
                                        indication = 3

                                        # method configuration
                                        configuration {
                                                # number of allowed links
                                                linkLimit = 2
                                        }
                                }

                                # Name check
                                3 {
                                        _enable = 1

                                        # Spamcheck name
                                        name = Name check

                                        # Class
                                        class = In2code\Powermail\Domain\Validator\SpamShield\NameMethod

                                        # if this check failes - add this indication value to indicator (0 disables this check completely)
                                        indication = 3

                                        # method configuration
                                        configuration {
                                        }
                                }

                                # Session check
                                4 {
                                        _enable = 1

                                        # Spamcheck name
                                        name = Session check

                                        # Class
                                        class = In2code\Powermail\Domain\Validator\SpamShield\SessionMethod

                                        # if this check failes - add this indication value to indicator (0 disables this check completely)
                                        indication = 5

                                        # method configuration
                                        configuration {
                                        }
                                }

                                # Unique check
                                5 {
                                        _enable = 1

                                        # Spamcheck name
                                        name = Unique check

                                        # Class
                                        class = In2code\Powermail\Domain\Validator\SpamShield\UniqueMethod

                                        # if this check failes - add this indication value to indicator (0 disables this check completely)
                                        indication = 2

                                        # method configuration
                                        configuration {
                                        }
                                }

                                # Value blacklist check
                                6 {
                                        _enable = 1

                                        # Spamcheck name
                                        name = Value blacklist check

                                        # Class
                                        class = In2code\Powermail\Domain\Validator\SpamShield\ValueBlacklistMethod

                                        # if this check failes - add this indication value to indicator (0 disables this check completely)
                                        indication = 7

                                        # method configuration
                                        configuration {
                                                # Blacklisted values (could also get read from a file - simply with FLUIDTEMPLATE)
                                                values = TEXT
                                                values.value = viagra,sex,porn,p0rn
                                        }
                                }

                                # IP blacklist check
                                7 {
                                        _enable = 1

                                        # Spamcheck name
                                        name = IP blacklist check

                                        # Class
                                        class = In2code\Powermail\Domain\Validator\SpamShield\IpBlacklistMethod

                                        # if this check failes - add this indication value to indicator (0 disables this check completely)
                                        indication = 7

                                        # method configuration
                                        configuration {
                                                # Blacklisted values (could also get read from a file - simply with FLUIDTEMPLATE)
                                                values = TEXT
                                                values.value = 123.132.125.123,123.132.125.124
                                        }
                                }
                        }
                }
        }
}

Explanation

Relative Typoscript path Description Allowed values Default value
spamshield._enable Turn spamshield generally off or on 0/1 1
spamshield.factor Define the tolerance limit when a mail should be rejected generally 0 - 100 75
spamshield.email Email address for notifactions if spam was recognized. Empty value turns of email-notification. string -
spamshield.senderEmail Outgoing email address for spam notifactions. If left empty powermail@[your-domain] will be used. Not needed in most cases. string -
spamshield.emailSubject Subject for spam-notification-email string Spam in powermail form recognized
spamshield.emailTemplate HTML-Template for spam-notification-email string EXT:powermail/Resources/Private/Templates/Mail/SpamNotification.html
spamshield.logfileLocation Location where to save a spam-notification logfile. Empty value turns of logfile. string -
spamshield.logTemplate HTML-Template for spam-notification logfile string EXT:powermail/Resources/Private/Templates/Log/SpamNotification.html
spamshield.methods.[number]._enable Turn this spamshield method on or off 0/1 1
spamshield.methods.[number].name Name for logfile, email-notification and frontend-output (if this check fails) string -
spamshield.methods.[number].class PHP classname (without leading slash) for this check string -
spamshield.methods.[number].indication If this check failes - add this indication value to indicator (0 also disables this check) int -
spamshield.methods.[number].configuration Individual configuration for this check array -

Debug and finetune the Spamsettings

It is useful to activate a notify mail to the admin (for an initial time period e.g.) if a submit failed (see TypoScript above how to enable). In the mail, you see which checks failed and the overall Spam Factor. This is an example of the mail content:

Possible spam in powermail form on page with PID 3

Spamfactor of this mail: 92%


Failed Spamchecks:
0: nameCheck failed
1: uniqueCheck failed
2: blacklistStringCheck failed


Given Form variables:
2: Alex
9: Alex
10: alexander.kellner@in2code.de
3: Viagra and Free P0rn
See link on http://freeporn.de or http://freeporn.com

Senders IP address: 155.233.10.8

As an alternative, you can enable a logfile (see TypoScript above how to enable), where all spam is logged. This is an example content of the logfile:

----------------------------------------------------

2015-10-19 12:03:39

PID: 184
Spamfactor of this mail: 92%
Failed Spamchecks:
- linkCheck failed
- uniqueCheck failed
- blacklistStringCheck failed

Given Form variables:
- Name: Viagra
- E-Mail: Viagra
- Text: http://www.test.de
http://www.test.de
http://www.test.de

Senders IP addess: 127.0.0.1

You can also enable the Spamshield Debug to see the Methods which are failed above the form. Enable with TypoScript setup (Use extension devlog to see this settings):

plugin.tx_powermail.settings.setup.debug.spamshield = 1

Register own spamcheck methods

Of course you can register own spamshield methods. See manual part “for developers” for examples.

Disable spamcheck on some condition

Of course you can disable all spamshield methods on some conditions. See manual part “for developers” for examples.

Captcha

Using a captcha extension also helps to prevent spam. You can simply add a new field of type captcha. A build-in calculating captcha will be shown in frontend. If you want to use another extension, you can install the extension “captcha” from TER and configure powermail to use this extension for every captcha:

plugin.tx_powermail.settings.setup.captcha.use = captcha