Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PHP E-Mail address harvesting?

Status
Not open for further replies.
irbk

irbk

MIS
Oct 20, 2004
578
US
I have a form on my website for contacting my company. Users have to put in the standard First and last name, e-mail address and a message. This information is then submitted to a php mail function.
I did this under the impression that the e-mail address the form information was sent to is not really visable, thus crawlers and such could not harvest it for spam.
The user who recieves the e-mail is complaining of spam "from the website". As I said, my impression was that spammers could not get the address, so I'm unconvinced that the user's spam has anything to do with the website.
My question is this, is it possible that the e-mail address could be harvested even though the actual e-mail the form is sent to ony exists within a
Code: 
<?php mail($recipient, $subject, $body ?>
format?

Thanks in advance!
 
Sort by date Sort by votes
No, the spammer didn't get the email that way.

To whom does the script send its emails?

If it can send to anyone who enters an email address, it may be possible that someone is spamming through your site. It could also be that the computer of someone who once received an email from your site got infected with an email-harvesting worm and sent your site's address on to the spammer, who is now forging emails under your site's name.

Have the person examine the SMPT headers of the message he received. You'll want to look at all the "Received from" headings to see a possible chain of transfers. Keeping in mind, of course, that all but the last "Received from" header could be forged.



Want the best answers? Ask the best questions! TANSTAAFL!
 
Upvote 0 Downvote
The script sends the e-mail form information to a single address that's hard coded in the PHP script.
 
Upvote 0 Downvote
How easy-to-guess is the address from which these emails arrive? Perhaps someone just lucked into the address.


I recommend you get your complaining user to send you the SMTP headers of the message he received. That's the only way to know what's going on.



Want the best answers? Ask the best questions! TANSTAAFL!
 
Upvote 0 Downvote
I'll check the headers and see. To be honest with you, I'm not even sure what "address" that the form mail would be coming from.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cdlvj
  • Question
PHP Debugging
Replies
1
Views
246
cdlvj
cdlvj
W
  • Question
how to send checked row data in php
Replies
0
Views
77
wiltang2004
W
PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
344
PeDa
PeDa
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
406
SashaBuilder3
SashaBuilder3
PeDa
  • Locked
  • Question
php constant in mail header 1
Replies
2
Views
181
PeDa
PeDa

Part and Inventory Search

Sponsor

Back
Top