Re: FN-FORUM: refer a friend systems
date posted 24th January 2007 10:50
Two tips:
1. sanitise the email addresses; ensure that only a single address is
entered and no newlines/line feeds are used to force through bcc:
addresses
2. make sure the custom message is only a small part of the overall
email, ensure it is only plain text, or omit it completely
Also, monitor emails sent through the form, either cc an admin address
or log to a DB, then you can see if the form is being abused and act
if necessary.
NEVER allow a subject to be entered; this is just too easy to abuse.
Regards,
Safehex.
On 24 Jan 2007 11:11:22 -0000, webmetric [EMAIL REMOVED] wrote:
>
> I'm looking at adding one of these to a site for a client, and wondered if
> anyone had any pitfalls to be aware of (and hopefully HOW they avoided
> them).
>
> It seems to me that when you're asking someone to add their own email
> address, a "friend's" email address AND a custom message, then what you're
> actually writing is a spam gateway.
>
> The form WILL be locked down to registered users I hope (if I get my way)
> but even that is not enough really - on the other hand this needs to be a
> painless process, so CAPTCHAS are possibly out.
>
>
> Any thoughts welcome.
>
>
> D
>
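The tips in the reply above (one address per field, no line breaks, a fixed subject, a short plain-text note, a record of every send), as an added Python sketch that is not part of the original thread. All names, addresses and limits in it are constructed assumptions.

```python
import re
from email.message import EmailMessage

# All names, addresses and limits below are constructed for illustration.
SITE_FROM = "referrals@shop.example"
FIXED_SUBJECT = "A friend thought you might like shop.example"
MAX_NOTE = 300
AUDIT_LOG = []  # stand-in for the DB table or admin cc the reply suggests

# Deliberately conservative: one bare addr-spec, no display names, no lists.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def single_address(value):
    """Return value only if it is exactly one address with no line breaks."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in address field (header injection attempt)")
    # fullmatch, not match() with '$': '$' would accept a trailing newline.
    if not ADDR_RE.fullmatch(value):
        raise ValueError("not a single plain email address")
    return value


def clean_note(text):
    """Keep printable characters and newlines, then cap the length."""
    kept = "".join(c for c in text if c == "\n" or c.isprintable())
    return kept.strip()[:MAX_NOTE]


def build_referral(sender, friend, note):
    """Build the referral mail; only the note body is free text from the user."""
    sender, friend = single_address(sender), single_address(friend)
    note = clean_note(note)
    msg = EmailMessage()
    msg["From"] = SITE_FROM          # site address, not the user's
    msg["Reply-To"] = sender
    msg["To"] = friend
    msg["Subject"] = FIXED_SUBJECT   # never taken from the form
    msg.set_content(                 # text/plain, so markup in the note is inert
        f"{sender} recommended shop.example to you.\n\n"
        f"Their note:\n{note}\n\n"
        "You received this once because a registered user entered your address.\n"
    )
    AUDIT_LOG.append({"sender": sender, "friend": friend, "note_len": len(note)})
    return msg
```

Rejected submissions raise `ValueError` before any message object is built, so nothing reaches the mail transport or the audit log for them.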