Page 1 of 1

What checks need to be made to avoid Email Injection?

Posted: Mon Sep 12, 2005 2:47 am
by spartan7
Hi there

I have been getting very strange Emails lately and it fits the profile of somebody trying to use my forms for spamming.

I have just added a regular expression that does a full variable check for "MIME-Version"

What is the full list of things I must look out for to prevent Email Injection?

Thanks

Posted: Mon Sep 12, 2005 2:52 am
by feyd
any place they can add stuff to your headers is where I'd likely concentrate my filtering and fixing.. The From field is a likely candidate.