[thelist] Email header injection

Liam Delahunty liam at megaproducts.co.uk
Fri Nov 11 10:19:44 CST 2005

On 11/11/05, Chris Dorer <cdorer at gmail.com> wrote:
> Can't you just spoof the referer from firefox. Sometimes it's blank b/c you
> config'd ff not to send the referer

True, but when you have a few hundred cases of emails coming in
(because they try the injection on every field) then missing the odd
one is a fair enough compromise.

Plus, for me the messages are put somewhere, and will still get
checked, it just will avoid the mail function and therefore reduce the
relaying threat.

Kind regards, Liam Delahunty

More information about the thelist mailing list