[thelist] ASP form to mail script and spam

Chris at globet.com
Mon May 29 06:18:55 CDT 2006


Faye

> I am using ASPMail 4 on my site to send a form but it is 
> extremely vulnerable to spam.

What is it about ASPMail 4 that makes it especially vulnerable to being
used as a relay for unauthorised mails (relative to any other
technology)?

> I am getting at least a few test exploits a day and I am 
> worried that it will be used to spam other people.
> My question is: Is there any safe, non-exploitable scripts 
> out there (yes, I googled and a few said spam-proof but I 
> want to know from other people's experiences and not just 
> what their websites claim....)?
> The hosting company discourages the use of CDONTS and ASP 
> Mail, Form mail and PHP Mail are basically my main options....

You should perhaps be looking at the methods that are used to exploit
vulnerable websites in order to send spam. IMHO it's the validation of
your input that will prevent spammers from exploiting you, not the
technology used to actually send the email. Exclude any email addresses
with line breaks and/or carriage returns; amongst other things. The
following article may be of interest:

<http://www.anders.com/projects/sysadmin/formPostHijacking/>

HTH

-- 
Chris Marsh
Web Developer
t: +44 20 8246 4804 x828
f: +44 20 8246 4808
e: chris at globet.com
w: http://www.globet.com/
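
The input validation recommended in the reply above (rejecting line breaks and carriage returns in anything that ends up in a mail header), sketched in Python as an added example that is not part of the original post and not ASPMail code. The field names, the fixed recipient and the sample submissions are assumptions constructed for illustration; the same checks apply whichever mail component sends the message.

```python
import re
from email.headerregistry import Address
from email.message import EmailMessage

# Assumption: the recipient is fixed server-side and never read from the form.
RECIPIENT = "webmaster@example.com"
# CR, LF and other control characters must never reach a mail header.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately strict: exactly one address, no spaces, commas or semicolons.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
MAX_HEADER_LEN = 200


def validate_form(form):
    """Return a list of problems; an empty list means the submission is acceptable."""
    problems = []
    for field in ("name", "email", "subject"):  # fields that feed mail headers
        value = form.get(field, "")
        if CONTROL_CHARS.search(value):
            problems.append(f"{field}: control character (CR/LF) in header field")
        elif not value.strip() or len(value) > MAX_HEADER_LEN:
            problems.append(f"{field}: empty or too long")
    email = form.get("email", "")
    if email.strip() and not CONTROL_CHARS.search(email) and not ADDRESS.fullmatch(email):
        problems.append("email: not a single plain address")
    return problems


def build_message(form):
    """Build the mail only from validated input; raise ValueError otherwise."""
    problems = validate_form(form)
    if problems:
        raise ValueError("; ".join(problems))
    msg = EmailMessage()
    msg["To"] = RECIPIENT
    msg["From"] = RECIPIENT  # the site sends as itself; the visitor goes in Reply-To
    msg["Reply-To"] = Address(display_name=form["name"], addr_spec=form["email"])
    msg["Subject"] = form["subject"]
    msg.set_content(form.get("message", ""))  # body text may contain line breaks
    return msg


SAMPLES = [  # constructed submissions, not taken from real traffic
    {"name": "Alice Example", "email": "alice@example.org", "subject": "Opening hours"},
    {"name": "x", "email": "x@example.org\r\nBcc: a@example.net", "subject": "hi"},
    {"name": "x", "email": "a@example.org, b@example.net", "subject": "hi"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample["email"]), "->", validate_form(sample) or "accepted")
```

Rejected submissions are worth logging with the source IP, since the "test exploits" mentioned in the question show up as exactly these validation failures.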
