If you've just started to write your own CGI scripts, do NOT try to write a mailing script - use one from the list below.

The following free CGI mail programs have recent development activity and are more secure against attacks by spammers*:

NMS formmail:

http://nms-cgi.sourceforge.net/scripts.shtml

http://nms-cgi.sourceforge.net/formmail_compat-3.10c1/FormMail.pl

Steve's

http://www.b-link.co.uk/stevedawson/scripts.htm

Jack's

http://www.dtheatre.com/scripts/formmail.php

PHPformmail

http://www.boaddrink.com/

http://scriptarchive.com/formmail.html

* Any Web script that sends mail will eventually be visited by a spammer who will try to trick your script into becoming a spam relay.

For scripts you have developed yourself, make sure that:

• if a script sends mail and you no longer need to use it, please remove it.
• if a script sends mail and you support the code, please make sure that there is no way for user-submitted data to get into the header fields that are passed to sendmail. The usual spammer trick is to submit form data with "\n" (newline) characters that lets the spammer turn a From or Subject field into multiple fields, including a new To or Bcc field and the spammer's advertisement.
• if a script sends mail and you obtained that script from a third party, please visit the third party site to see if there are any updates, or ask Panix staff to review the script.

---

Return to Index

Last Modified Friday, 26-Jan-2007 11:04:22 EST