PHPMailer security

**pbmods** · May 30 '07, 04:02 PM

Originally posted by federicog

I have been using PHPMailer to send a contact form.
But one of the users told me that he had received a response to his question from another person.

Check to make sure that the address you're sending the email to is correct.
Is the email being sent to more than one address?
Is it being CC'd or BCC'd?
Are you setting your own headers or just using the defaults?
If you set headers, is it possible (even if not intended) for the User to modify these headers (are you getting hit by header injection attacks)?
Is the response coming from the same email address every time, or does it vary?

**federicog** · May 31 '07, 06:13 PM

Originally posted by pbmods

Check to make sure that the address you're sending the email to is correct.
Is the email being sent to more than one address?
Is it being CC'd or BCC'd?
Are you setting your own headers or just using the defaults?
If you set headers, is it possible (even if not intended) for the User to modify these headers (are you getting hit by header injection attacks)?
Is the response coming from the same email address every time, or does it vary?

Actually, the form wasn't developed by me, the only thing I did was switch from an old sciprt (using mail) to phpMailer to avoid header injection. What I hadn't realized was that the form was being sent to two adresses, so that was probably the problem. Right now we're discussing this with the website owner to check if the second address was intentional or was put there by the former developer to catch all the emails sent through it.

Thanks for answering!

**pbmods** · May 31 '07, 06:21 PM

Originally posted by federicog

Thanks for answering!

No problem. Keep 'em comin'!

**livemsn12** · Jun 2 '07, 02:49 PM

thanks man good answer i need this

PHPMailer security

PHPMailer security

Comment

Comment

Comment

Comment