You do know that MIME::Lite just uses sendmail don't you? That being the case perhaps you might like to share your rationale for this suggestion.
It uses sendmail or Net::SMTP. It fills \n-based security holes by adding whitespace (I believe this is called "folding"), so the mailer doesn't see the new line as a new header.
If you set your To: header to be "foo\@bar.com\nSubject: my own anonymous message\n\nFree pr0n at http://foo.com/!!!\n", MIME::Lite will stop this spammer by doing a simple s/\n/\n /g.
Sendmail will choke on this 4-line To-header, and the spam is stopped effectively.From: real@message.com To: foo@bar.com Subject: my own anonymous message Free pr0n at http://foo.com/!!! Subject: real message This is the real message.
Had there not been whitespace in front of the extra lines (note that the line between the fake Subject: and the fake body is NOT empty), the fake Subject: header would have been a REAL header, and the fake body would have been the start of the real body.
This doesn't mean you should don't have to check data yourself - one can still add multiple addresses, and older sendmails send the e-mail regardless of the invalid syntax. But the module does make stupid things a little harder. And it provides nice syntax, calls sendmail in a safe fashion (using an argument list instead of a command string, not that it matters much for constants, but still.). The greatest advantage is that MIME::Lite will let you add an attachment if you later decide to do so. It's a lot harder to do that if you print to sendmail yourself.
- Yes, I reinvent wheels.
- Spam: Visit eurotraQ.
In reply to Re: Re: Re: Re: Re: Re: Re: Re: making first letter of all words in array upper case
by Juerd
in thread making first letter of all words in array upper case
by iamrobj
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |