Posted by Vince Morgan on 12/17/06 08:31

"Vince Morgan" <vinhar@REMOVEoptusnet.com.au> wrote in message
news:4584aba3$0$16557$afc38c87@news.optusnet.com.au...

> How are they using 'contact us' for relay? I would think that the first
> argument "to" should be a fixed value. Without being able to change that
> they could only spam that one address.
> However, the 'email this page' is another story.
> You could check that the body, or subject, depending on how you set it up,
> is a URL first. Then that the URL matches only those from your site.
> Of course they could circumvent that but without knowing why the emails
> aren't sending in the first place, it would be very difficult for them.
> Hopefully difficult enough to make it altogether very unattractive.
> Of course you wouldn't send back a page describing the reason for the
error
> :)
> You could look at using a "captcha" image as well.
> I'll be interested in reading other's solutions too.
>
> HTH
> Vince Morgan
>
>
A very naive reply. I should have examined header injection long ago.
What I didn't know was far far more than I actualy did know :)
Sorry for the idiotic reply.
Vince Morgan

[Back to original message]