Hello All,

  I've recently recieving a noticable quantity of spam email, from the same source, with the same content. They're all addressed to various existing addresses, on more than one website, that I'd used on my website in several ASP.NET contact forms - it struck me as a bit odd that the same spam was sent to all of them, as the email addresses cannot be found within the client side code.

 FYI, this contact form used a wizard control with two pages, and never displays the email address that the form sends to.

 I can only imagine that the server itself had been compromised, but have seen no sign of this - it is up-to-date, appropriately firewalled and running anti-malware software, as is my local machine.

I don't see how else these email addresses could have been accessed, particularly all by the same spam sender. Is there anything I'm missing?

So the email is not displayed anywhere on the site? Is it a standard common one word type address like contact or sale or support, if so you may just find its pot luck you got the mail.

Also make sure the address is not setup as a catchall account.

One test maybe to change the address and see what happens, failing that you will have to add some type of question to make sure the person is a real person and not a machine.

Or maybe add http://www.codeproject.com/KB/custom-controls/CaptchaControl.aspx

Hope it helps

 Jeremy,

 Thank you for your input.

I do use a few catch all addresses, so occasionally get an odd spam mail to a random addresss. But, each of these addresses are quite specific and wouldn't have been guessed - eg, e-business@, entrepreneur@... I'm always very careful about never mentioning an email address on a webpage.

The spam doesn't actually come from the forms themselves, but as direct emails, so I'd guess a Captcha wouldn't help - I will try changing the delivery addresses to something more obscure though.

Will come back with any progress.