Spamproofing the Archives

From: Eric Smith <eric_at_brouhaha.com>
Date: Sat Dec 7 13:21:04 2002

>> Why expose the address at all? How about you send the (plain text
>> only) note on to the addressee w/o disclosing the address. If the
>> recipient wants the sender to know their address, they'll respond to
>> them.
>
> Well, that *is* a easier way to do it. I had thought of that, but I
> wasn't sure if there were enough steps involved. What I don't want is a
> person sending spam *though* this interface. How safe do you think this
> solution is against that?

In practice, a lot of people have had trouble with this.

Make damn sure that whatever CGI script you use defends against any
characters in the email form being interpreted as any sort of
metacharacters. Of course, you have to do this for *any* web forms,
but for some reason email forms seem to be especially susceptible,
possibly because a lot of CGI scripts don't do enough validation then
just dump all the data into a "mail" command. This has vulnerabilities
for both command argument processing by the shell, and by strange and
wondrous things that happen inside Sendmail.

I'm no expert on that, but it's scary enough that I've completely
resisted putting such things on web servers I'm responsible for. I'm
sure it can be done safely, but I don't have the time or inclination
to research exactly what it takes.

I think the original hash code idea was perfectly fine. It takes more
work to implement than the mail form, but does it take more time to
implement than a bulletproof mail form? I don't know.
Received on Sat Dec 07 2002 - 13:21:04 GMT