On 14 Jul 2011, at 19:54, simon haywood wrote:
> I am looking for some advice, and hopefully a recommendation.
Hi,
Thank you to everyone for your comments and suggestions.
A number of respondents have made the valid point that sending out
emails from a website should not be taken lightly. Please be assured
that we have taken several steps to avoid the site being compromised
or abused. For example:
All inputs are validated and sanity checked to guard against malicious
injection. Before a user can send an email using the service, they
must validate their address by responding to a message sent to them
containing a unique code. The sender's IP address is captured and
appended to the final message - and the user must actively confirm
that they have not written an abusive message. All transactions are
logged.
We cross check visitors to the site with an IP blacklist that we will
maintain - and prevent access to the site from matching addresses. We
also cross check submitted email addresses against another blacklist
that we will maintain, and will not offer the service to senders with
matching addresses.
Finally, we have a dead-man's-switch to kill the service if it suffers
a larger attack.
I am not foolish enough to claim that the site is protected and cannot
be compromised or abused - but please be assured that this is not
something that has been thrown together in an afternoon.
Re: sending of the actual email. I have found and solved the problem
with the construction of the headers when using PHPMailer. As a
result, I am now planning to send all emails "From:" our domain, "On
behalf of" - but with the "Reply-To:" header being set to the user. We
have agreement from a major SMTP provider that this is acceptable use
of their service, and should not fail because of SPF records.
Thank you again to everyone for all your comments, suggestions and help.
Simon.
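An added example, not code from the original thread or from Simon's site, of the header construction the message describes: "From:" fixed on the site's own domain, "Reply-To:" set to the user, and the captured IP appended to the body, with the user-supplied values checked for header line breaks before they reach PHPMailer. It assumes PHPMailer 6 installed via Composer; the example.org/example.com/example.net addresses, the relay name and the IP are placeholders.

```php
<?php
// Added example (not from the original thread): build the "From our domain,
// Reply-To the user" message with PHPMailer 6. Addresses are placeholders.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

// Fixed sender identity on a domain whose SPF/DKIM records authorise the
// relay provider (placeholder values).
const RELAY_FROM_ADDRESS = 'relay@example.org';
const RELAY_FROM_NAME    = 'Example Site relay';

/**
 * Fail closed on any value that could terminate a header line.
 * PHPMailer strips CR/LF itself; rejecting (and logging) is more useful
 * than silently repairing a hostile input.
 */
function rejectHeaderBreaks(string $value, string $field): void
{
    if (preg_match('/[\r\n\0]/', $value) === 1) {
        throw new InvalidArgumentException("$field contains a line break");
    }
}

/**
 * Validate the inputs and build the message without sending it, so the
 * resulting headers can be inspected before send() is called.
 */
function buildRelayMessage(
    string $userAddress,
    string $recipient,
    string $subject,
    string $body,
    string $senderIp
): PHPMailer {
    foreach (['user address' => $userAddress, 'recipient' => $recipient] as $field => $addr) {
        rejectHeaderBreaks($addr, $field);
        if (!PHPMailer::validateAddress($addr)) {
            throw new InvalidArgumentException("$field is not a valid email address");
        }
    }
    rejectHeaderBreaks($subject, 'subject');
    if (filter_var($senderIp, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('sender IP is not a valid IP address');
    }

    $mail = new PHPMailer(true); // throw on error rather than returning false
    $mail->CharSet = PHPMailer::CHARSET_UTF8;

    // Header From and envelope sender (Return-Path) both stay on our domain:
    // SPF is evaluated against the envelope sender, DMARC against header From.
    $mail->setFrom(RELAY_FROM_ADDRESS, RELAY_FROM_NAME . ' on behalf of ' . $userAddress);
    $mail->Sender = RELAY_FROM_ADDRESS;

    // Replies go back to the real user.
    $mail->addReplyTo($userAddress);
    $mail->addAddress($recipient);

    $mail->Subject = $subject;
    $mail->isHTML(false); // plain text only
    // Append the captured sender IP, as the thread describes.
    $mail->Body = $body . "\n\n-- \nSent via Example Site from IP " . $senderIp . "\n";

    return $mail;
}

// Usage with constructed values.
try {
    $mail = buildRelayMessage(
        'alice@example.com',
        'councillor@example.net',
        'Pothole on High Street',
        'Hello, the pothole outside number 12 is still there.',
        '203.0.113.7'
    );
    echo 'From: ', $mail->From, "\n";
    echo 'Reply-To: ', implode(', ', array_keys($mail->getReplyToAddresses())), "\n";
    // $mail->send() would hand the message to the configured transport.
} catch (InvalidArgumentException | Exception $e) {
    // Log and refuse; never fall back to sending a partially built message.
    fwrite(STDERR, 'refused: ' . $e->getMessage() . "\n");
}
```

`$mail->Sender` is what sets the envelope sender (the `Return-Path`), which is the address SPF is actually evaluated against; keeping both it and the header `From:` on the site's domain is what makes the provider's SPF record apply, while `Reply-To:` carries the user's address without the message claiming to originate from the user's domain.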
_______________________________________________
developers-public mailing list
[email protected]
https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public