E-mail form spam, where automated programs fill out web e-mail contact forms, seems to be growing in popularity. There are various opinions about why they do this, including exploiting vulnerabilities to perform injection or using the form to send the spam directly.
However, for the cases I’ve inspected, I’ve observed that there is no injection attempt and there is no spam message to send, nor are there any offending links to post (the kind you get with trackback spam). Some of the e-mail addresses, however, do appear to be legitimate. So what’s going on?
Could this be an attempt to poison black hole databases using automation? In that scenario, the vulnerable web form sends the opt-in notice to an unsuspecting real e-mail user, who in turn may report the offender. Maybe.
Or is this just a version of on-line graffiti where your e-mail opt-in database gets filled up with nonsense and you unsuspectingly use that list in subsequent campaigns?
Whatever the reason, if you have an e-mail web sign-up or opt-in form, it’s time to protect it from automated fill-in before you have to manually prune your e-mail list database.
Captchas (see http://en.wikipedia.org/wiki/Captcha) are a common way to protect your web sign-up form.






