You do know that MIME::Lite just uses sendmail don't you? That being the case perhaps you might like to share your rationale for this suggestion.

It uses sendmail or Net::SMTP. It fills \n-based security holes by adding whitespace (I believe this is called "folding"), so the mailer doesn't see the new line as a new header.

If you set your To: header to be "foo\@bar.com\nSubject: my own anonymous message\n\nFree pr0n at http://foo.com/!!!\n", MIME::Lite will stop this spammer by doing a simple s/\n/\n /g.

From: real@message.com
To: foo@bar.com
 Subject: my own anonymous message
 
 Free pr0n at http://foo.com/!!!
Subject: real message

This is the real message.
[download]

Sendmail will choke on this 4-line To-header, and the spam is stopped effectively.

Had there not been whitespace in front of the extra lines (note that the line between the fake Subject: and the fake body is NOT empty), the fake Subject: header would have been a REAL header, and the fake body would have been the start of the real body.

This doesn't mean you should don't have to check data yourself - one can still add multiple addresses, and older sendmails send the e-mail regardless of the invalid syntax. But the module does make stupid things a little harder. And it provides nice syntax, calls sendmail in a safe fashion (using an argument list instead of a command string, not that it matters much for constants, but still.). The greatest advantage is that MIME::Lite will let you add an attachment if you later decide to do so. It's a lot harder to do that if you print to sendmail yourself.

- Yes, I reinvent wheels.
- Spam: Visit eurotraQ.