View Full Version : Forms filled out by hackers???


Vermillien
01-12-2004, 08:56 PM
I'm not sure if I'm posting in the right forum, but I couldn't find any other sections related to the subject.

I have been receiving forms that have fake email addresses, although they appear to be real. I tested them and received Mailer-Daemons back, so I contacted the mail providers, and found they were fake.

So, I searched the internet for one of them, by the name that appeared in my "Sender" box, and found this sender in a hacker forum, with the same Country in his profile (UK) and followed some threads he posted - found that he is working on something called Dragonfly BSD...

QUESTION - how can I prevent this from happening again? I have received 4 already in the past week, from different senders, but I've spent too much time on this already.
Any ideas?

Roy Sinclair
01-12-2004, 10:08 PM
Maybe you're getting fake email addresses because you haven't got a "Privacy Policy" that explicitly explains what you use those entered email addresses for or because your policy tells the people who're entering email addresses that you're going to use their email address in a fashion they find unacceptable.

Short of a system where the user has to receive an email from you before they can proceed inside your site, there's no good way you're going to be able to prevent bogus addresses from being entered.

Abuse of email addresses is so rampant on the web right now, no one will even risk giving out a real address if they can't see a really, really good reason why a web site needs it. I can tell you that any web site that asks me for my email address gets some extreme scrutiny if I think they have a compelling reason for it and they get a bogus address if I don't see a compelling reason.

joec814
01-12-2004, 10:49 PM
http://www.15seconds.com/issue/030203.htm

me'
01-12-2004, 10:50 PM
The way most people do it is that you set up a mailer to email back a confirmation message to the email address entered, and they click on a link in that email to activate whatever account they've just set up.
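
The confirmation-link approach described in the two posts above, sketched as an added example that is not part of the original thread or any poster's script: the submitted request is held, a signed link is mailed to the address typed into the form, and the request is forwarded only when that link comes back unmodified and unexpired. The key, lifetime, URL, request id and function names are all assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Key, TTL, URL and function names are assumptions.
const CONFIRM_KEY = 'load-a-long-random-secret-from-config'; // placeholder value
const CONFIRM_TTL = 86400;                                    // link valid for 24 hours

// The HMAC binds the held request id, the address and the expiry together.
function sign_confirmation(string $requestId, string $email, int $expires): string {
    return hash_hmac('sha256', $requestId . "\n" . $email . "\n" . $expires, CONFIRM_KEY);
}

// Build the link to mail to the address typed into the form.
function confirmation_link(string $requestId, string $email, int $now): string {
    $email = strtolower(trim($email));
    $expires = $now + CONFIRM_TTL;
    return 'https://example.test/confirm.php?' . http_build_query([
        'id' => $requestId, 'email' => $email, 'exp' => $expires,
        'sig' => sign_confirmation($requestId, $email, $expires),
    ]);
}

// Check the parameters of a clicked link: all present, unexpired, signature intact.
function confirmation_is_valid(array $q, int $now): bool {
    foreach (['id', 'email', 'exp', 'sig'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) return false;
    }
    if (!ctype_digit($q['exp']) || (int) $q['exp'] < $now) return false;
    if (filter_var($q['email'], FILTER_VALIDATE_EMAIL) === false) return false;
    $expected = sign_confirmation($q['id'], $q['email'], (int) $q['exp']);
    return hash_equals($expected, $q['sig']); // constant-time comparison
}

// Constructed demo: a request is held as "req-1001" until its link is clicked.
$now = 1073941000; // fixed timestamp so the demo is repeatable
$link = confirmation_link('req-1001', 'Client@Example.test', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(confirmation_is_valid($q, $now + 60));                // untouched link
var_dump(confirmation_is_valid(['email' => 'other@example.test'] + $q, $now + 60)); // address swapped
var_dump(confirmation_is_valid($q, $now + CONFIRM_TTL + 1));   // clicked after expiry
```

A request whose link is never clicked, because the address bounces or belongs to someone else, simply stays held and can be purged after the lifetime passes.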

Vermillien
01-12-2004, 10:52 PM
I do have a privacy policy that explains that I do not use their email address for mailings, nor do I share with any outside resources.

The email address is asked so that I may send a proposal for website design. The forms they are filling out (completely, by the way - even their "Goals for web site") is strictly for web site design and logo design estimates, so they are supposed to expect a reply.

Other than that, I don't need their email address. But these people (or software) are filling out my "Website Estimate Request" forms fully.

There are no "accounts" to be set up, the site is completely public access...

I am now using a new script that is supposed to "Validate Referrer", so we'll see if this helps at all. Too new to tell, yet.

Roy Sinclair
01-12-2004, 11:13 PM
Your more complete description sounds like you may have someone deliberately trying to yank your chain. You might want to examine and record the IP address of each submission so you can at least get a better idea of when you've got a possible bogus address.

Hopefully your new script will help; even valid requests could get lost if there's a typo in the email address and that could cost you some business you don't want to lose.

Vermillien
01-13-2004, 01:00 AM
Well, I just tried out my new form script, and the Env.Report is not working. All I get in my email is something like:

ENV_REPORT: HTTP HOST, blah blah blah.....


Can't figure that one out....Maybe I'll have to switch to another new form mail script....

UGH!

Skyzyx
01-13-2004, 09:20 PM
It's not doing the server-side processing that you need it to. Are you sure you have the language supported on your server? Do you have the proper file extension so that it can process?

Vermillien
01-13-2004, 09:43 PM
Doesn't look any different than other scripts I've run, in terms of file extensions and language supported.

It's a PHP script, and I've run plenty of PHP scripts on the server.