To avoid spammers abusing this wonderful module, it'd be great if one could choose to enforce preview before submission (this stumps a lot of automated spammers) and maybe even add captchas to the submission process.

Comments

kbahey’s picture

kbahey commented

I have been running feedback since I wrote it, and I have virtually no spam.

Turning on email address verification is almost a fool proof measure against any spam, but it has some overhead (slow, may not work on all servers).

Captcha is overkill for such a simple module (in my opinion). There was a discussion on the drupal-devel mailing list about it, to add it to all forms in Drupal, but this did not materialize.

This leaves the preview, which I am willing to add to the module. It would be helpful if this is added as an option (the administrator clicks on an option saying 'require preview'.

If you can provide a patch that does that (against the CVS version) , then I will be glad to include it in the repository.

Thanks for the suggestions.

spazfox’s picture

spazfox
Location Olympia, WA
commented

I would like to second the request for some additional spam protection. I received nearly a dozen email spams via this module today. The email verification didn't do much good because they used my domain name with random usernames (e.g., iszcdfhkl@mydomain.com). If the preview before submit would work, I'm all for it. Otherwise, I don't see why captchas wouldn't be a good option. This is a very useful module, but I'm going to be forced to disable it if I keep getting tons of spam from it.

kbahey’s picture

kbahey commented

Are you sure a preview button would help? The spammers could just learn that and program their scripts/bots to click on it.

Captcha seems to be the best technical solution, and there is now a captcha module in the respository.

I am short on time, so anyone cares to make a patch?

Also, bear in mind that I want to phase out feedback by incorporating its functionality in Drupal core's contact module.

shiggi7’s picture

shiggi7 commented

I would like to second spazfox's comment - most days, I get a number of messages sent from open relays attempting to inject code to utilize the Feedback module to relay spam. These are always of the form gibberish@mydomain.com. A filter that disallows messages from mydomain.com would do the trick.

halftone’s picture

halftone commented

No progress on this? I am getting 20 soams a day through feedback. A simple blacklist addition would stop this - if the body includes 'phrase' fail the mail. Tarpitting it would be even better, to punish the sender.

kbahey’s picture

kbahey commented
Status: Active » Closed (won't fix)

Here is a solution http://drupal.org/node/76237

In short, install the captcha module, and modify it as per above so it would work for feedback, then enable feedback in captcha.