We have some actions which allow users to report error (mapped to HTTP 500) within system or other errors such as RNF-404. These actions send a mail to our admins & also create a new issue within our bug tracking system. Of late some people have started misusing the system & we get several SPAM messages in the bug tracking system & via e-mail as well.
I was just wondering how we could take care of this issue. One way is to use CAPTCHA - but it could be time consuming to implement as we have several pages posting to this action. I am wondering if there are any approaches that I could try to see if the posted inputs are indeed coming from our forms and not some programms writen to spam our system. I tried tracking "referer" but then even valid forms/pages send referer as "null" - so how can I enforce referer header?? Wjhat else can be done here?
So you form is being submitted using a mailto address? It seems like you could switch over to a traditional form submission and have your Action code generate the email on the server side using something like the JavaMail API.
We do indeed use JAVA mail API to send mail to cocerned people in the struts action. That form is geting abused by spam. The action code sends alert mail as well as creates a new issue in autmated bug tracking system.
It is this form which is getting flooded by SPAM messages instead of authentic error reporting by user. Any suggestions?