I have a form on a page where user fills in a message and when "Send" button is clicked it is send via ajax to php script. There via mail() message is sent to specific email address.
I would like to avoid situation where 1000's of emails are send in short time by malicious user. Please tell me if I'm wrong but this would be sort of DOS attack and and this would probably be taken care of by webserver itself. I am on shared hosting and I would assume that large hosting provider would limit this sort of behaviour so multiple automated hits to my page would be blocked somehow before it would hit my php script.
If that is not the case what would be the best way to protect against it? I'm still not 100% sure that my host would do the part and was wondering if there is anything I can do from PHP itself that would help?
EDIT: I was thinking to store timestamp in Session variable but then if someone has got cookies turned off session wouldn't exist. Would it be possible to check if cookies are on in a browser and if not simply ignore request? If coockies are on then store timestamp in a session and with every request compare if e.g. 5 seconds passed before sending email?