House of Fusion
Home /  Groups /  New York ColdFusion Users Group (NYCFUG)

Email form spam attack

Author:
Rob Voyle
04/01/2008 07:05 PM

Hi Folks,

I have a CF email contact form on my website. It requires first name, last name, email address and the body of the email before the submission is accepted.

Recently it was hit with a bunch of automated spam attacks, so I added a graphical security image that needs to be included. The automated spam is still getting through, with the first and last names blank and the graphical security image being ignored.

I can't replicate this manually.

Any ideas how to prevent it?

Thanks
Rob

Robert J. Voyle, Psy.D.
Director, Clergy Leadership Institute
For Coaching and Training in Appreciative Inquiry
Author: Core Elements of the Appreciative Way
http://www.clergyleadership.com/
503-647-2378 or 503-647-2382

Author:
Michael
04/01/2008 08:48 PM

I have suffered with this crap for years.

What I do is filter for code like /url and brackets and braces and similar, log the message as junk and send it to a different table where I log the IP if it is a spammer, and use the logged IP to filter out posters. I cflocation them to the FTC frauds and scams page if their IP matches.

Check for a pattern that a normal poster would not do and try to filter on that. I also take service calls this way from my clients and it is extremely important not to chase junk.

Also, I check for the referring page, which should match the domain of the processing page; if they fail that I send them to the FTC.

Then I check the message field for unwanted keywords and junk the message that way, and check the e-mail field for certain domain names, and log the message as junk and send it to a different table where I log the IP if it is a spam type message.

One other: passing a hidden calculated number from one page to the next and rejecting the person if the variable fails a check. One that I find works is 22/7 plus the date as a number; it confuses most script kiddies. One problem is if you have a person who starts just before midnight, which could be 8 or 9 elsewhere in the country.

I monitor loaded pages and I find that spammers just post to the processing page, so if they are overdoing it I just change the processing page name; normal users never notice.

I am building tables that contain words and phrases that would be used in an automotive racing site or an alpine ski racing site and then check a message or a posting; if it did not match at least once it would be labeled junk and processed accordingly.

michael
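Added example, not part of the original thread and written in Python rather than CFML: one way to implement the hidden calculated value described in the reply above, using a signed timestamp with an age window instead of the date, so a visitor who loads the form just before midnight and submits after it is still accepted. The secret, field names and time limits are assumptions; the processing page also re-checks the required fields itself, since a script posting straight to it runs none of the form page's checks.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: per-site secret, kept server-side
MIN_AGE = 3                # assumption: a form returned in under 3 s is a script
MAX_AGE = 2 * 60 * 60      # assumption: a form page stays valid for two hours
REQUIRED = ("first_name", "last_name", "email", "body")  # hypothetical field names


def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Value for the hidden field, generated when the form page is rendered."""
    ts = str(int(time.time() if now is None else now))
    return ts + "." + _sign(ts)


def token_ok(token, now=None):
    """True only for a token this site issued between MIN_AGE and MAX_AGE ago."""
    now = time.time() if now is None else now
    ts, _, mac = (token or "").partition(".")
    # Constant-time comparison; a forged or edited timestamp fails here.
    if not hmac.compare_digest(mac.encode(), _sign(ts).encode()):
        return False
    age = now - int(ts)    # safe: ts carried a valid signature, so we wrote it
    return MIN_AGE <= age <= MAX_AGE


def check_submission(form, now=None):
    """Run on the processing page. Returns rejection reasons; empty means accept."""
    reasons = ["missing " + name for name in REQUIRED
               if not (form.get(name) or "").strip()]
    if not token_ok(form.get("form_token"), now):
        reasons.append("bad or expired form token")
    return reasons


if __name__ == "__main__":
    loaded = 1207094340                      # constructed: 2008-04-01 23:59:00 UTC
    form = {"first_name": "Ann", "last_name": "Lee", "email": "ann@example.com",
            "body": "Hello", "form_token": issue_token(loaded)}
    print(check_submission(form, loaded + 240))            # submitted after midnight
    print(check_submission({"email": "x@example.com", "body": "spam"}, loaded + 240))
```

A token stays reusable until it expires, so this check sits alongside the keyword and IP filtering described above rather than replacing it.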

