On Fri, Sep 08, 2000 at 11:17:31AM -0400, [EMAIL PROTECTED] wrote:
> I have an immense amount of respect for you Randal, but I think you're
> generalizing a bit much here. There are a number of cases where checking
> an email address' validity makes perfectly good sense. The most obvious
> is just plain human-computer interface design. If I can give the user a
> message "hay, that's not a valid email address" instead of them wondering
> why they never received an email, that's makes the interaction more
> intuitive. Many, many scripts end up calling sendmail to send mail. I'm
> not for a moment going to applaud that method, but it does mean that shell
> escapes in an email address will cause problems.
If you use sendmail's -t option to let it read the mail addresses from
the message itself you do not need to pass email addresses on command
lines. This is much more secure and relies instead on sendmail's rather
largish machinery to parse email adresses.
--
Jens-Uwe Mager
HELIOS Software GmbH
Steinriede 3
30827 Garbsen
Germany
Phone: +49 5131 709320
FAX: +49 5131 709325
Internet: [EMAIL PROTECTED]
