Posted by J.O. Aho on 10/02/40 11:34
Matt wrote:
> I have a have a webform on a website that has a a php script that contains
> the following code that is used for submitting data by email. Problem is
> spammers are using it to relay spam. I altered it to not use the from
> address but the website user does not like that since they cannot simply hit
> reply to the email it generates.
>
> Can someone tell me how to alter this code to keep spammers from altering or
> adding headers? I imagaine something as simple as making sure $name is not
> over so long would almost do. Or making sure it does not contain any CR or
> LF's.
>
> Matt
>
>
> $headers = "MIME-Version: 1.0\r\n";
> $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
> /* additional headers */
> $headers .= "From: $name<$email>\r\n";
>
> mail( me@mydomain.com, "Mail from mydoamin.com", $data, $headers);
> header ("Location: http://thankyou.html");
> ?>
I think you should check for things like cc: and bcc: and remove those in the
sent data.
//Aho
Navigation:
[Reply to this message]
|