webpage with php mail() function prone to spam?

Norman Peelman wrote:

> Before anyone starts, I know this may or may not be the best 'pattern'
> for validating email but, i'm on Windows and I have'nt had much luck with
> the workarounds of not being able to use getmxrr(). I'ts close enough for me
> (for now).

From the manual page:

Note: This function is not implemented on Windows platforms. Try the PEAR
class Net_DNS.

You could still check the domain with gethostbyaddr(), except you will deny
those addresses that don't have a valid ip, but a valid MX record.

Sadly without getmxrr() you can't do a check directly against the mailserver
to validate the e-mail address, for me it would feel quite crippled to not be
able to use getmxrr().


--

//Aho

"J.O. Aho" <user@example.net> wrote in message
news:4ul2r5F187ua0U1@mid.individual.net...
> Norman Peelman wrote:
>
> > Before anyone starts, I know this may or may not be the best
'pattern'
> > for validating email but, i'm on Windows and I have'nt had much luck
with
> > the workarounds of not being able to use getmxrr(). I'ts close enough
for me
> > (for now).
>
> From the manual page:
>
> Note: This function is not implemented on Windows platforms. Try the PEAR
> class Net_DNS.
>
> You could still check the domain with gethostbyaddr(), except you will
deny
> those addresses that don't have a valid ip, but a valid MX record.
>
> Sadly without getmxrr() you can't do a check directly against the
mailserver
> to validate the e-mail address, for me it would feel quite crippled to not
be
> able to use getmxrr().
>
>
> --
>
> //Aho

I took a look at that while I was responding the first time. I thought I
had looked before too. I just haven't had much luck getting those
workarounds to work. I should try alittle harder but I think i'll be
switching to linux soon anyway.

Norm

--
FREE Avatar hosting at www.easyavatar.com

Norman Peelman wrote:
> "J.O. Aho" <user@example.net> wrote in message

>> Note: This function is not implemented on Windows platforms. Try the PEAR
>> class Net_DNS.

> I took a look at that while I was responding the first time. I thought I
> had looked before too. I just haven't had much luck getting those
> workarounds to work. I should try alittle harder but I think i'll be
> switching to linux soon anyway.

*nods*
I think you won't be disappointed, just spend a bit time thinking of what you
want and then select which distro to use, www.distrowatch.com has a bit
information about most of them.


--

//Aho

"Ric" <antispam@randometry.com> wrote in message
news:em38b0$1mp$1@online.de...




> If one allows header injection he should not develop any kind of software.
>
In principal I would have to agree. However, with the exception that I have
develloped a lot of software that is very safe from such attacks.
Not because I knew about them and accounted for them, but because the
software I've develloped previously had either nothing whatsoever to do with
email, or the internet. With the possible exception of a peeer to peer chat
program, that had no email or similar capabilities.
The issues involved are quite different in almost all cases.
However, in principal, I most certainly should have paid much more attention
to security prior to this.
Header injection is not a common programming consideration, but quite
specific to certain types of software, and certainly SMTP.
My foray into PHP has been too hasty, no doubt whatsoever.

Thanks,
Vince Morgan