Full Version: Job Offer
From: Dave Jones (DAVERJ) [#16]
30 Jan 2007
To: Stunt Engraver (DGL) [#15] 30 Jan 2007
I don't know if his has the potential spam problem or not, but for ones that do, yes a different script is the answer.
The problem comes from generic scripts that pass the recipient email address from the web page. The more secure scripts have the recipient email address hard coded into them in a part of the script that can not be reached from the web. FormMail was a popular CGI script that is supplied by a lot of web hosts as a simple way to have a contact form. Similar scripts in other languages abound and work in similar ways, with similar vulnerabilities.
A custom PHP script with the address hard coded is typically the most secure. The next best thing is this PHP script that a friend of mine wrote, with a bit of advice from me, called "NateMail": http://www.mindpalette.com/formprocessing/index.php
It has a hidden list of recipient email addresses stored on the server and forms can only be sent one of the names you enter in that list. The list can not be accessed or overridden from the web.