[Ilugc] what fare chance for things gone to disable my mailing routine....

Suresh Ramasubramanian linux at frodo.hserus.net
Fri Jun 30 06:58:00 IST 2006


Thyagu rajan wrote:
> I am working with Joomla CMS, it is an open source tool and in it we have a
> mailing function. The mailing function has the sender's email id, name of
> the sender, recipient address, subject and body of the mail as parameters.
> Can this function be used by the spammers to junk the e-mailing traffic? I

Yes - badly coded phpmail (or perl based) applications are one of the 
single largest spam sources these days.

There are several FAQs on perl and php lists on how to stop this - but 
roughly

1. Hardcode the recipient address if possible

2. Sanitize input to your scripts to filter out things like a spammer 
feeding your list a big list of "bcc: x at y.com, y at z.com ..." followed by 
spam content

If you can't hardcode the recipient, definitely enable human interface 
checking (aka "captcha") features to stop automated abuse of your form. 
And also run outbound email on that app through SpamAssassin so that 
even if someone abuses your form it'll be caught and rejected.

	suresh
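
An added example, not part of the original post and not Joomla's own code: a PHP form handler that applies points 1 and 2 above by fixing the recipient in code and refusing any header-bound field that contains a line break. The function names, constants and addresses are hypothetical placeholders, and the two sample submissions are constructed.

```php
<?php
// Added illustration: names below are hypothetical, not Joomla's API.
const CONTACT_RECIPIENT = 'webmaster@example.org';   // placeholder, fixed in code
const CONTACT_FROM      = 'noreply@example.org';     // placeholder site address

// CR, LF or NUL in a header-bound field is what lets a submitted value
// start a new header line such as "Bcc: ...", so such values are refused.
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Returns [to, subject, body, headers] for mail(), or null to refuse.
function build_contact_mail(array $form): ?array
{
    foreach (['name', 'email', 'subject', 'body'] as $key) {
        if (!isset($form[$key]) || !is_string($form[$key])) {
            return null;                              // missing field or array value
        }
    }
    foreach (['name', 'email', 'subject'] as $key) {
        if ($form[$key] === '' || !header_safe($form[$key])) {
            return null;
        }
    }
    if (filter_var($form['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The visitor's address goes only in Reply-To; the name goes in the body,
    // so no free text other than the checked subject reaches the headers.
    $headers = ['From' => CONTACT_FROM, 'Reply-To' => $form['email']];
    $body    = "From: {$form['name']} <{$form['email']}>\n\n" . $form['body'];
    return [CONTACT_RECIPIENT, $form['subject'], $body, $headers];
}

// Constructed sample submissions: one ordinary, one carrying an extra header.
$ok  = ['name' => 'A. User', 'email' => 'user@example.com',
        'subject' => 'Question', 'body' => "Hello,\nplease call me."];
$bad = ['name' => 'A. User', 'email' => 'user@example.com',
        'subject' => "Question\r\nBcc: x@y.example", 'body' => 'spam'];

foreach (['ok' => $ok, 'bad' => $bad] as $label => $form) {
    $mail = build_contact_mail($form);
    echo $label, ': ', $mail === null ? 'refused' : 'accepted', "\n";
    // if ($mail !== null) { mail(...$mail); }  // real send, left disabled here
}
```

Passing the headers to `mail()` as an array requires PHP 7.2 or later.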

