Hi,

I think this may have been a post here but here is the code:

<?php

// email injection clean up.
function safermail($to, $subject, $body, $from)
{
    // characters that can start a new header line or separate recipients
    $bad = array("\n", "\r", "\0", ",");
    $good = "?";
    $to = str_replace($bad, $good, $to);
    $subject = str_replace($bad, $good, $subject);
    $from = str_replace($bad, $good, $from);
    // $from only goes into the extra headers after it has been cleaned
    $addlhdr = "From: $from\r\nReply-To: $from\r\n";
    return mail($to, $subject, $body, $addlhdr);
}

//mail( "[EMAIL PROTECTED]", $subject, $body, "From: $email" );
safermail("[EMAIL PROTECTED]", $subject, $body, $email);

?>

Basically you are removing the ability to send more than one email at
a time. So if a spam bot enters email, email, email, email,
email ...etc the script removes the delimiter and replaces it with an
illegal '?' so that your email server will throw a parsing error
and not send any email from the current request due to a malformed TO
or CC or BCC.

Sincerely,
Mike
-- 
Mike Brandonisio                 *    IT Planning & Support
Tech One Illustration            *    Database Applications
tel (630) 759-9283               *    e-Commerce
[EMAIL PROTECTED]  *    www.techoneillustration.com


On Jan 22, 2006, at 8:15 AM, Linux User wrote:

> Marian Briones wrote:
>> Hi gang
>> How do I prevent spam bots from exploiting php scripts that send  
>> mail?
>>
>> Need to know...
>>
>> (SIGH)
>>
>> Happy New year by the way.
>>
>> Marian
>
> My script checks for proper domain, so far so good.
>       $email = $_POST['email'];
>
>
> if($email) {
>       // take a given email address and split it into the username and domain.
>       list($userName, $mailDomain) = explode("@", $email);
>       if (checkdnsrr($mailDomain, "MX")) {
>       // this is a valid email domain!
>               // escape the address before it is placed in the SQL string
>               $safeEmail = mysql_real_escape_string($email, $conn);
>               $sql_mailings = "insert into Mailings(email) values('$safeEmail')";
>               $res_mailings = mysql_query( $sql_mailings, $conn) or die(mysql_error($conn));
>               echo("Email Added, thanks");
>       }
>       else {
>       // this email domain doesn't exist! bad dog! no biscuit!
>               echo("<br>Please enter a valid address!");
>               echo("<br><a href=\"$self\">Back</a>");
>       }
>
>
> }
> else{
>       echo (' <form method="post" action="'.$self.'" name="Mailing List">
>               <small>Add your email address<br>
>               <input maxlength="150" size="50"
>               name="email"><input name="Submit" value="submit" type="submit"><br>
>               <span style="font-weight: bold; text-decoration: underline;">Privacy
>               policy:</span> <br>
>               The address you enter will not be sold or given
>               away.</small><br></form>');
> }
>
>
>
> Community email addresses:
>   Post message: [email protected]
>   Subscribe:    [EMAIL PROTECTED]
>   Unsubscribe:  [EMAIL PROTECTED]
>   List owner:   [EMAIL PROTECTED]
>
> Shortcut URL to this page:
>   http://groups.yahoo.com/group/php-list
> Yahoo! Groups Links
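
A stricter variant of the clean-up discussed in this message, as an added example that is not code from the thread: it refuses the request when a header field contains CR, LF or NUL, or when the sender is not one well-formed address, rather than rewriting those characters. The optional MX lookup is the check from the quoted reply; the function names and the example.com sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// True if the value contains a character that could end the current header
// line and begin a new one (CR, LF) or truncate it (NUL).
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns null when the fields are acceptable, otherwise the reason for refusal.
function check_mail_fields(string $from, string $subject, bool $checkMx = false): ?string
{
    if (has_header_break($from) || has_header_break($subject)) {
        return 'CR, LF or NUL in a header field';
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return 'not a single well-formed address'; // also catches comma lists
    }
    if ($checkMx) {
        $domain = substr(strrchr($from, '@'), 1);
        if (!checkdnsrr($domain, 'MX')) {
            return 'domain has no MX record';
        }
    }
    return null;
}

// Rejecting wrapper: nothing reaches mail() unless every header field passes.
function strict_mail(string $to, string $subject, string $body, string $from): bool
{
    if (has_header_break($to) || check_mail_fields($from, $subject, true) !== null) {
        return false;
    }
    return mail($to, $subject, $body, "From: $from\r\nReply-To: $from\r\n");
}

// Constructed sample inputs (example.com addresses are placeholders).
$samples = array(
    array('visitor@example.com', 'Question, about pricing'),
    array("visitor@example.com\r\nBcc: a@example.com", 'Hello'),
    array('a@example.com,b@example.com', 'Hello'),
    array('visitor@example.com', "Hi\nCc: a@example.com"),
);
foreach ($samples as [$from, $subject]) {
    $reason = check_mail_fields($from, $subject); // MX lookup off so this runs offline
    echo json_encode($from), ' => ', $reason ?? 'accepted', "\n";
}
```

Only the first sample is accepted; a comma in the subject is harmless there, so it is left alone rather than replaced.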