Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
541 views
in Technique[技术] by (71.8m points)

forms - Sending mail using php mail() -- abusing 'from' email address

I'm implementing a contact form in php using the mail() function. In the contact form, I ask for the user's email address, and upon submission I send their message to my own email address.

Here is my php code:

    $to = '[email protected]';
    $from_name = $_POST['InputName'];
    $from_email = $_POST['InputEmail'];
    $subject = 'Message from '.$from_name;
    $message = $_POST['InputMessage'];
    $headers = 'From: '.$from_email."
".'Reply-To: '.$from_email.
        "
".'X-Mailer: PHP/'.phpversion();
    $mailsuccess = mail($to,$subject,$message,$headers);

After testing this, I realize a person can send me an email masquerading as someone else's valid email address. For example, during testing, I used my friend's email and sent myself a message. Isn't this a security problem? In my gmail account, I did get a warning that this email may not be from that person, but if it's not clearly spam I usually ignore that warning.

For example, if Bob ([email protected]) sends a message through the contact form masquerading as Chris ([email protected]), I will respond in my email to Chris. Chris thinks his email is hacked because he never sent that email. Is this generally an issue? Or is there a way to make it safer?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

It's called email spoofing. SMTP is not a very secure protocol. It's always been possible to spoof. Unfortunately there is no way around it unless every email server on earth makes changes to fix that, which is unlikely.

It's how a lot of phishing and spam happens.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...