ferzan
08-10-2004, 04:22 PM
Hi there,
I installed a small script on one of my websites that allows users to send email from my site. I'm using
mail("myemailadress@mydomain.com",$strSubject,$strBody,$strHeader);
this code to send the email. The question is, can someone delete my email address from the code and write a script that allows
them to send spam from this code?
Thanks
Vulture
08-10-2004, 05:14 PM
Originally posted by ferzan
The question is, can someone delete my email address from the code and write a script that allows
them to send spam from this code?
Sorry, can't quite understand what you mean. Are you asking whether that code could be used by spammers? If so, the answer is no; this is executed by PHP and is not sent to a browser. However, your address is attached to the email along with your server information. If you are asking for the code to be changed so spam can be sent, then I'm not going to help you there.
JimPanse
08-10-2004, 05:15 PM
Delete no.
Using for spam "yes" if you accept all incoming data @ this script.
Just make sure that the data (from your form) was sent from your own host. Else someone could use your script to run spam through.
Kinda:
if ($HTTP_POST_VARS['mailtext']) {
    // $to and $subject are placeholders defined elsewhere in the script
    mail($to, $subject, $HTTP_POST_VARS['mailtext']);
}
Toppi
Rich2k
08-10-2004, 06:34 PM
Yes, they could use that if you don't validate and clean $strHeader, as they could inject their own To:, Cc: and Bcc: headers.
If you manually set $strHeader, then no, it's unlikely they could use it to spam.
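Added example (not part of the original thread, and not any poster's code): one way to validate the values that end up in the subject and in $strHeader before calling mail(), so a form field cannot start a new header line. The function names, the From address webform@mydomain.com and the sample inputs are assumptions made for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Hypothetical helper: a value destined for a mail header must not contain
// CR, LF or NUL, because those characters end the current header line.
function clean_header_value(string $value): ?string
{
    if ($value === '' || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

// Hypothetical helper: returns [subject, headers] or null if any
// visitor-supplied value is unsafe. The recipient is never taken from input.
function prepare_message(string $subject, string $replyTo): ?array
{
    $subject = clean_header_value($subject);
    $replyTo = clean_header_value($replyTo);
    if ($subject === null || $replyTo === null) {
        return null;
    }
    if (filter_var($replyTo, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // From is fixed by the script (assumed address); only Reply-To is input.
    $headers = "From: webform@mydomain.com\r\nReply-To: " . $replyTo;
    return [$subject, $headers];
}

// Constructed sample form submissions: [subject, reply address].
$samples = [
    ["Question about your site", "visitor@example.com"],
    ["Hello", "visitor@example.com\r\nBcc: someone@example.net"],
    ["Hello\nCc: someone@example.net", "visitor@example.com"],
    ["Hello", "not-an-address"],
];

foreach ($samples as [$subject, $replyTo]) {
    $prepared = prepare_message($subject, $replyTo);
    $verdict = ($prepared === null) ? "rejected" : "accepted";
    echo $verdict . ": " . json_encode([$subject, $replyTo]) . "\n";
    // In the real form handler, only on "accepted":
    // mail("myemailadress@mydomain.com", $prepared[0], $strBody, $prepared[1]);
}
```

Only the first constructed submission is accepted; the other three are rejected before mail() would be reached.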
ferzan
08-10-2004, 07:05 PM
Hi,
Thanks for the replies
I will do what's recommended here
Thank you very much