[thelist] Email header injection

[Liam Delahunty]

On 11/11/05, Chris Dorer <cdorer at gmail.com> wrote:
> Can't you just spoof the referer from firefox. Sometimes it's blank b/c you
> config'd ff not to send the referer
>

True, but when you have a few hundred cases of emails coming in
(because they try the injection on every field) then missing the odd
one is a fair enough compromise.

Plus, for me the messages are put somewhere, and will still get
checked, it just will avoid the mail function and therefore reduce the
relaying threat.

--
Kind regards, Liam Delahunty