Defending against PHP email injection attacks

I have a couple of forms that use PHP’s mail command and over the weekend I had to become an expert at protecting yourself from “email injection” spam attacks that insert spam addresses and headers into PHP forms.

After a couple of different strategies I found that the best method to protect yourself was the script from anton at basehost dot net on this page. The nice thing about it is that it’s a server-wide solution – no need to scuzz up your forms with increasingly complicated checks for malformed characters.

Author: Chris Barrus

You are not cleared for this information.

Leave a Reply

Your email address will not be published.