
php based outgoing email and security issues? (source info insecure)


mmosel


Hi all, I'm hoping that maybe some expert in here has had some experience with this or might have some ideas. I have my php scripts that handle my back-end ecommerce processing (notification scripts) send out emails to my customers. I'm hosting on a shared server. While inspecting the emails that my customers receive, I've noticed that there is some very sensitive data that gets included with each email. Such as what machine I'm on at what host. What my username is at this host. And now they have X-AntiAbuse header data that actually shows the name of my script and its directory! This just seems so lame. Why can't they wrap it in an alias or something?

Anyway, I need to find a way to secure this information. They aren't being very helpful. So, is there a way that I can use php to perhaps forward this email to a service or something that would cleanse this info and then send the email to my customer? Or, are there any other ways that I might be able to get around this?

Thanks for any tips or ideas that you may have.

Hi there,

I've noticed this as well. I'm guessing the mail function appends those headers? Perhaps if you connect directly to the SMTP server you can have more control of the headers and get around that. There are some classes to do this at phpclasses.org (http://www.phpclasses.org/).

Travis

Thanks for the tip. I am using PHPMailer, which works wonderfully, but I was using the IsMail and IsSendmail functions. These functions were making the headers much worse than they needed to be. I switched to using the SMTP feature in my script, and it has eliminated some of my concerns from the source info. It still shows my server and host, but it doesn't show my username and the X-AntiAbuse doesn't show the script name that generated the email! Not perfect, but better!

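A check for the headers discussed in this thread, as an added example that is not code from any of the posters: it parses a received copy of a message and lists the headers that reveal the account name, the host, or a script path. The sample message, every name in it, and the list of header names are constructed assumptions; the headers a particular host adds will vary.

```python
import re
from email import message_from_string

# Constructed sample of a message as a customer would receive it.
# Account name, host names and script path are made-up placeholders.
SAMPLE = """\
Received: from acctuser by box42.shared-host.example with local (Exim 4.x)
\t(envelope-from <acctuser@box42.shared-host.example>) id 1AbCdE-000123-4F
To: customer@example.org
From: Shop <orders@shop.example>
Subject: Your order
X-PHP-Script: shop.example/notify/ipn.php for 203.0.113.7
X-AntiAbuse: Primary Hostname - box42.shared-host.example
X-AntiAbuse: Originator/Caller UID/GID - [1234 1234] / [47 12]
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/acctuser/public_html/notify/ipn.php
X-Source-Dir: shop.example:/public_html/notify

Thanks for your order.
"""

# Assumed list of headers that expose server-side detail when present.
LEAK_HEADERS = ("x-antiabuse", "x-source", "x-source-args", "x-source-dir",
                "x-php-script", "x-php-originating-script")
SCRIPT_PATH = re.compile(r"[\w./~-]+\.php\b")
# "from <user> by <host> with local": mail handed over by a local process.
LOCAL_SUBMIT = re.compile(r"from\s+(\S+)\s+by\s+(\S+)\s+with\s+local", re.I)

def audit_headers(raw):
    """Return (header, kind, detail) findings for one raw message."""
    findings = []
    for name, value in message_from_string(raw).items():
        value = " ".join(value.split())  # unfold continuation lines
        lname = name.lower()
        if lname == "received":
            m = LOCAL_SUBMIT.search(value)
            if m:  # local submission shows the account name and the host
                findings.append((name, "local-user", m.group(1)))
                findings.append((name, "host", m.group(2)))
        elif lname in LEAK_HEADERS:
            m = SCRIPT_PATH.search(value)
            kind = "script-path" if m else "server-detail"
            findings.append((name, kind, m.group(0) if m else value))
    return findings

if __name__ == "__main__":
    for header, kind, detail in audit_headers(SAMPLE):
        print(f"{kind:14} {header}: {detail}")
```

Running it against a test message sent to yourself before and after switching from mail()/sendmail to SMTP shows which of these findings the change removes.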
