News Feed

News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way
Preventing spam when using PHP's mail function
April 12, 2006 @ 15:47:45

Spam has grown into one of the worst problems on the internet today. It effects everyone, even those that guard their email addresses with their lives. Information spreads so fluidly in the bits and bytes of everyday communication, that it's almost inevitable for your address to get out. Once it's out, you'll know, getting emails from people you don't know offering things you don't want. One tool spammers can use, unfortunately, are the unsecured forms on your own site. Thankfully, there's articles like this one from that can help you safeguard your site against these attacks.

Insecure PHP scripts have provided great opportunities for spammers to abuse other's resources to send out their spam. In particular, it's the mail() function that can be abused. I myself was the target a few months ago when I noticed spam being sent from an old form on my server that I'd forgotten about. This month's article looks at techniques that can be used to harden your mail form, and reduce the chances of it being misused.

They set up the simple example script and show you how to exploit it to follow the wishes of potential spammers. They offer a few suggestions on hardening the form - filtering for a correct email address, checking for "bad strings" in the contents of the form, and looking for a REQUEST_METHOD value in the $_SERVER array. The methods aren't fool-proof, but they can help to dramatically reduce your chances of being the source of a lot of people's annoyance.

1 comment voice your opinion now!
mail prevent spam filtering bad strings request_method mail prevent spam filtering bad strings request_method

blog comments powered by Disqus

Similar Posts

Syntux: eZ components

Derick Rethans' Blog: More goodies in the eZ Components Preventing spam when using PHP\'s mail function

Daniel Cousineau's Blog: Setting Up Mail() on Windows, or: Where is my Windows Sendmail.exe?

SitePoint PHP Blog: UTF-8 Email in PHP with eZ Components

Community Events

Don't see your event here?
Let us know!

symfony yii2 api list project community opinion composer interview podcast php7 language series laravel configure part2 framework example application introduction

All content copyright, 2015 :: - Powered by the Solar PHP Framework