Mail forms and Backscatter

AV1611 Posted September 20, 2008

I currently do not allow mail forms on my server that allow the form to enter a TO or FROM, as I have been backscatter exploited in the past. I also don't allow open relay and never will. That means the from is always static (system@mydomain.com).

Question: How can I ensure that the TO on the form only contains a SINGLE to? And how do I keep robots from just bouncing off it?

Thanks.

genericnumber1 Posted September 20, 2008

I suppose a strict regex would keep anyone from putting the characters to send to multiple people at once.

As far as protecting it from robots, the issue is a bit more difficult. What is your system for? I can't really think of a system where you would allow anyone to email to anyone without any form of authentication. Do you have a login associated with it?

AV1611 Posted September 20, 2008

Well, good question. Currently I host several domains, so the to would always be a designated local user, but what if the account wanted the mail sent to, for example, name@gmail.com? I guess that's the issue...

I guess as long as I hard code the to: then the from doesn't matter?

I just have been overreacting since I got exploited last year... I have worked VERY hard to keep my server off the spam lists and have done a good job... I just don't wanna risk it.

genericnumber1 Posted September 20, 2008

If there's a set number of users you want the emails sent to, the users shouldn't even have to deal with emails, or even, if possible, see them. A perfect implementation would have users entering/selecting a person's username and the script does all of the work of ensuring the username exists/there is an email associated with it/sending the email.

And I don't blame you, not being blacklisted as a spammer is a huge concern for non-spammers unfortunately.
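
An added example, not part of the original posts: one way to implement the username-lookup approach from the last reply together with the strict single-address check suggested earlier. The `RECIPIENTS` table, the form field names (`to_user`, `subject`, `reply_to`, `body`) and the function names are assumptions; the static From address is the one given in the thread.

```python
import re
from email.message import EmailMessage

# Static sender from the thread; never taken from the form.
SYSTEM_FROM = "system@mydomain.com"
# Constructed sample directory (hypothetical): username -> delivery address.
RECIPIENTS = {"alice": "alice@mydomain.com", "bob": "name@gmail.com"}
# Strict pattern: exactly one address, with none of the characters (comma,
# semicolon, whitespace, angle brackets, CR/LF) that could add recipients.
SINGLE_ADDR = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class RejectedForm(ValueError):
    """Raised when a submission must not be turned into mail."""


def is_single_address(value):
    # fullmatch: the whole string must be one address, trailing newline included.
    return SINGLE_ADDR.fullmatch(value) is not None


def build_message(form, recipients=RECIPIENTS):
    """Build one message to exactly one recipient chosen on the server side."""
    # The form names a user; it never supplies the To address itself.
    username = form.get("to_user", "")
    if username not in recipients:
        raise RejectedForm("unknown recipient")
    to_addr = recipients[username]
    if not is_single_address(to_addr):
        raise RejectedForm("stored address is not a single address")
    subject = form.get("subject", "")
    if "\r" in subject or "\n" in subject:
        raise RejectedForm("line break in subject")
    reply_to = form.get("reply_to", "")
    if reply_to and not is_single_address(reply_to):
        raise RejectedForm("reply_to is not a single address")

    msg = EmailMessage()
    msg["From"] = SYSTEM_FROM
    msg["To"] = to_addr
    msg["Subject"] = subject[:200]
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content(form.get("body", ""))
    return msg
```
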