Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Preventing spam when using PHP's mail function
Apr 12, 2006 @ 20:47:45

Spam has grown into one of the worst problems on the internet today. It effects everyone, even those that guard their email addresses with their lives. Information spreads so fluidly in the bits and bytes of everyday communication, that it's almost inevitable for your address to get out. Once it's out, you'll know, getting emails from people you don't know offering things you don't want. One tool spammers can use, unfortunately, are the unsecured forms on your own site. Thankfully, there's articles like this one from PHPBuilder.com that can help you safeguard your site against these attacks.

Insecure PHP scripts have provided great opportunities for spammers to abuse other's resources to send out their spam. In particular, it's the mail() function that can be abused. I myself was the target a few months ago when I noticed spam being sent from an old form on my server that I'd forgotten about. This month's article looks at techniques that can be used to harden your mail form, and reduce the chances of it being misused.

They set up the simple example script and show you how to exploit it to follow the wishes of potential spammers. They offer a few suggestions on hardening the form - filtering for a correct email address, checking for "bad strings" in the contents of the form, and looking for a REQUEST_METHOD value in the $_SERVER array. The methods aren't fool-proof, but they can help to dramatically reduce your chances of being the source of a lot of people's annoyance.

tagged: mail prevent spam filtering bad strings request_method mail prevent spam filtering bad strings request_method


Trending Topics: