I have just discovered how to send mail with PHP.
But I remember reading a thread here about some security issues.
I can’t seem to find the thread, but I do remember that someone tapped into his account somehow and sent mass emails out and his web service got suspended.
What I would like to know is, what do I need to do to protect myself from this?
My code seems very simple:
[code=php] <?php
//start building the mail string with this format:
//$msg = “This text will appear in message: $variable n”;
//$msg .= “second line of text in message: $variable n”;
//set up the mail
//$recipient = $email; //to whom it is being sent
//$subject = $subject; //this will appear in the subject line
//$mailheaders = “From: <[email protected]> n”;
//$mailheaders .= “Auto generated, do not reply”;
//send the mail
mail($recipient, $subject, $msg, $mailheaders);
?>
It sure seems to me like anyone can use it.
I’ve discovered that when I receive this email, and I reveal hidden headers, the email address that it is sent from will not accept email.
[QUOTE]
Received: from server302.com ([216.35.196.35]) by bay0-mc9-f10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 31 May 2006 07:25:25 -0700
Received: (qmail 27742 invoked by uid 2069); 31 May 2006 14:18:41 -0000
X-Message-Info: txF49lGdW43v8sG5cYy4VG6SCajOUNeZVR5Fu25rhBA=
Return-Path: [email][email protected]
X-OriginalArrivalTime: 31 May 2006 14:25:26.0270 (UTC) FILETIME=[0F57C1E0:01C684BE]
That [email][email protected]
Do I have any vunerabilities that I need to be aware of?