[Ilugc] what fare chance for things gone to disable my mailing
linux at frodo.hserus.net
Fri Jun 30 06:58:00 IST 2006
Thyagu rajan wrote:
> I am working with Joomla CMS, it is a open source tool and in it we have a
> mailing function, The mailing function has the senders email id , name of
> the sender, recipient address, subject and body of the mail as a parameter.
> Can this function be used by the spammers to junk the e-mailing traffic. I
yes - badly coded phpmail (or perl based) applications are one of the
single largest spam sources these days.
There are several FAQs on perl and php lists on how to stop this - but
1. Hardcode the recipient address if possible
2. Sanitize input to your scripts to filter out things like a spammer
feeding your list a big list of "bcc: x at y.com, y at z.com ... followed by
If you cant hardcode the recipient definitely enable human interface
checking (aka "captcha") features to stop automated abuse of your form.
And also run outbound email on that app through spamassassin so that
even if someone abuses your form it'll be caught and rejected.
More information about the ilugc