Posted by Jerry Stuckle on 11/14/28 11:21

Robertico wrote:
> I agree with that.
> But is't possible that somebody sends mail (to me :-(( ) every minut using
> a script.(using the link to my form).
> My mailform must only be accessible if an error occurs and only from my site
> (domain).
>
> Robertico
>
>

Robertico,

Yes it's possible. But it's more likely they'll do it through other means. In
the dozens of email scripts I've installed on customer sites, it's never been a
problem.

Think of it - spammers are trying to sell you something. What are they going to
sell you by spamming you every minute? Unless you have a site which draws
unwanted attention (i.e. illegal or immoral activities, promoting terrorism,
etc.), it is not going to be a problem!

Also, there is no way to ensure the mail form is only available from your site.
For instance - if you depend on http_referer, that doesn't work where it's
turned off by a firewall or the browser. And it also fails where a script
emulates http_referer. As to only being accessible if an error occurs, no way.
If it's available when an error occurs, it's available any time.

What makes you think you NEED this level of security, anyway? What are you
doing which leads you to suspect you'd have a problem with abuse of the form?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]