Mail Scripts..
Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=22377
Printed Date: 29 March 2026 at 7:40pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Mail Scripts..
Posted By: westwight
Subject: Mail Scripts..
Date Posted: 10 January 2007 at 1:34pm
|
I've just had my asp mail scripts pulled by my ISP because they think the scripts are vulnerable to misuse by spammers. If anyone can help I'd be grateful.
I use a simple contact form on the website that passes the data to an ASP page for processing. The code is as follows:
Set MyMail = CreateObject("CDONTS.NewMail") MyMail.From = "feedback@mysite.co.uk" MyMail.To = Request.Form("FromField") MyMail.Subject = "Thanks from ..." MyMail.BodyFormat = "0" MyMail.MailFormat = "0" MyMail.Body = "Blah, blah" MyMail.Send Set MyMail = Nothing and it gets repeated to send the data to the administrator. The comment from the ISP was
"As it stands people can just post "Request.Form("FromField")" and send email to any email address this like. You may need to place some form of validation in your ASP files." But I've no idea how to do that. Can anyone recommend a way to validating, or better yet a simple, foolproof way of forwarding contact email?
Regards
Bob
|
Replies:
Posted By: WebWiz-Bruce
Date Posted: 10 January 2007 at 2:04pm
|
It looks like what they are saying is you need to hard code in the 'To' email address, otherwise the email form could be manipulated to send an email to any email address eg:- MyMail.To = "you@yourEmailAdrress.com" ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: westwight
Date Posted: 10 January 2007 at 2:30pm
|
But this is the part of the form thanking the submitter for their email. Therefore I need to use the email address they have provided.
I suppose I could get rid of that section and just pop up a box saying Thank You. I don't really want to do that because a similar form (which apparently isn't causing a problem) has links in it to our forum and mailing list (and damn fine forums and mailing lists they are too!
 ) Bob
|