Re: (spam)secure mailform
comp.lang.php archive

From: Malcolm Dew-Jones <yf110@vtn1.victoria.tc.ca>
Date: Mon Jul 18 2005 - 01:40:45 CEST

Bob Smith (bobsmith1@marketweighton.com) wrote:
: >
: hmmm, what if someone gets access to the form and spams the 1,2,3, (,
: whatever ) in there?? Am I missing something obvious in this debate? ( I'd
: never do it like that, anyways...)

If the spammer sends mail to id #1 then that address gets the spam, which
is no different than if the spammer gets or guesses the address by some
other means. That's inconvenient for your sales or service account who
gets the spam but it's not a security issue. The security issue is when a
spammer finds a way to hijack your mail form to send large volumes of mail
to addresses of the spammer's choosing - which turns your
web-site/mail-server into a spam source (and gets you blocked, etc).
Having a few hardcoded id numbers such as 1 2 3 prevents the form from
being hijacked, which prevents the security issue commonly seen in some
mail forms.

Aside from the security issue, you might ask, what of the possible
inconvenience of your sales account receiving spam via the form - what are
the chances of this happening very often anyway. The answer is that you
won't receive much if any spam via your form. Ask yourself, why would a
spammer take the trouble of using a customized technique (i.e. your form)
to send spam to _one_, unknowable, address. A spammer wants to find ways
to send large volumes of spam to large numbers of addresses in their
latest list. It's not too profitable for a spammer to spend time figuring
out how to run non-standard web queries to a single address that probably
hates spammers.

The only issue you could ever have is if someone dislikes you (for
whatever reason) and then uses your form to launch a DOS attack by sending
hundreds of messages to the one account. Most of us simply aren't
important enough for any serious attacker to bother with. But anyway,
there are many ways to do a DOS, so the form won't make much difference if
someone really wanted to do that.

--
This space not for rent.
Received on Mon Oct 17 21:09:28 2005
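The design Malcolm describes, a form that carries only a small numeric id which the server maps to a hard-coded recipient, written out as an added example (not code from the original post or its author). The recipient addresses and field names are constructed placeholders; the newline check on header fields goes one step beyond the post, since a CR/LF in a From or Subject value is the other common way a fixed-recipient form gets turned into a relay.

```php
<?php
// Added example, not code from the original post. The form submits a
// numeric "id"; the server alone decides which address it maps to, so the
// submitter can never choose the recipient.
// Assumed field names: id, from, subject, body. Addresses are placeholders.

const RECIPIENTS = [
    1 => 'sales@example.com',
    2 => 'service@example.com',
    3 => 'webmaster@example.com',
];

// Hard-coded address for a valid id, or null for anything else.
// FILTER_VALIDATE_INT rejects values such as "1abc", "1.0" or an array.
function recipient_for(mixed $id): ?string
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return null;
    }
    return RECIPIENTS[$n] ?? null;
}

// Values that end up in mail headers must not contain CR or LF: a newline
// lets the submitter append extra header lines (e.g. Bcc:) and so pick
// recipients after all. Returns the trimmed value, or null if unsafe.
function header_safe(string $value, int $max = 200): ?string
{
    $value = trim($value);
    if ($value === '' || strlen($value) > $max || preg_match('/[\r\n]/', $value)) {
        return null;
    }
    return $value;
}

// Validate one submission. Returns the message parts on success, or a
// short string saying why it was rejected.
function build_message(array $post): array|string
{
    $to = recipient_for($post['id'] ?? null);
    if ($to === null) {
        return 'unknown recipient id';
    }
    $from = header_safe($post['from'] ?? '');
    if ($from === null || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid sender address';
    }
    $subject = header_safe($post['subject'] ?? '', 100);
    if ($subject === null) {
        return 'invalid subject';
    }
    $body = (string) ($post['body'] ?? '');
    if (strlen($body) > 4000) {
        return 'body too long';
    }
    return ['to' => $to, 'from' => $from, 'subject' => $subject, 'body' => $body];
}

// Constructed submissions for a stand-alone run: one valid, one that tries
// to pass an address as the id, one that smuggles a header via From.
$samples = [
    ['id' => '2', 'from' => 'visitor@example.org', 'subject' => 'Question', 'body' => 'Hello'],
    ['id' => 'someone@example.net', 'from' => 'x@example.org', 'subject' => 'Hi', 'body' => ''],
    ['id' => '1', 'from' => "x@example.org\r\nBcc: list@example.net", 'subject' => 'Hi', 'body' => ''],
];
foreach ($samples as $s) {
    $m = build_message($s);
    if (is_string($m)) {
        echo "rejected: $m\n";
    } else {
        // In a live form: mail($m['to'], $m['subject'], $m['body'], "From: {$m['from']}");
        echo "would send to {$m['to']} from {$m['from']}\n";
    }
}
```

Only the first sample reaches the send step; the second fails because the id is not one of the three hard-coded keys, and the third fails because the From value contains a line break. A per-source rate limit is the natural addition if the flood-to-one-account case Malcolm mentions is a concern.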