Posted by Steve on 02/28/07 18:37

<rcoan@chaparralboats.com> wrote in message
news:1172686432.967755.6850@h3g2000cwc.googlegroups.com...
| >>You form as it stands can
| >>be used to spam anyone.
|
| Actually I don't really see a way of it being used to send spam to
| anyone really. Unless they actually key in the query string. The
| email address that's being passed via the query string is from a
| database of email addresses that are location specific. In other
| words these people are expecting the emails and for there to be some
| junk mail possibly. So I'm not too worried about the spam issue as of
| right now but I will keep an eye out for it. Thanks.

you're kidding, right?

i could drop anyone's email address onto your query string in such rapid
successesion that your domain (and/or isp) could be liable for a class
action lawsuit...regardless of what email address your db intended to
send/receive it. further, i could add cc, bcc and other directives to your
email that your script is sending...again, your db addresses are of NO
concern. 'as of right now', give me your url and i'll spread your site's
ass-cheecks wide...THAT would be the 'eye' you're keeping out for it. ;^)

i'd also work on your validation. it needs to be FAR more graceful than it
is now. i'm sure most people would like to know why something went wrong
rather than the mere fact that something did go wrong.

[Back to original message]