Posted by Martin Jay on 04/29/06 04:25

In message <o86dnYXPebLANc_ZnZ2dnUVZ_s-dnZ2d@comcast.com>, Jerry Stuckle
<jstucklex@attglobal.net> writes
>Martin Jay wrote:
>> I (think) I understand the principle, but I cannot replicate it.
>> The 'hack' seems to rely on email being routed by the 'to,' 'cc,'
>>and 'bcc' fields in its header, which is isn't. Well, not until it
>>reaches its destination, maybe.

>> I emailed Paul an example script earlier. I've also uploaded it to:
>><http://www.spam-free.org.uk/pages/email_test.php>.

>> I would be interested to see how the spamming technique you mention
>>can be used with it. I have changed the form method from POST to GET
>>to make it easier to 'hack.'

>Either way. I just make a local copy of your form, edit it to add the
>headers I want, and post it back to you. For instance, I place in the
>subject field:
>
> This is spam
> bcc: someone@example.com
>
>And off it goes. The more fields I add, the more I'm sending.
>
>Not hard at all.

Hmmm...

I've replaced the page I mentioned earlier with one that allows you to
download a copy of the form script.

Put it on your local server and try your theory out.

I cannot replicate the problem you highlighted. :(
--
Martin Jay

[Back to original message]