Email header injections

I have implemented a check for email header injection in my contact forms I create for clients
but I am not 100% sure I am actually doing it right,

I check to see if there is a "cc:" and "bcc:" string injected in any of my form fields
and if there is I don't send the email (and I actually put a deny rule in the htaccess so they can't try anything else)

I was reading http://www.securephpwiki.com/index.php/Email_Injection
and realized that subject: can also be injected
but since I am checking for cc and bcc I  think I am safe ?
since a spammer will specify one of the two (most probably bcc)

Is there any other way that the could use my email to send spam ?

Thanks

[Join us @ facebook]

I think those are enough.

The only extra thing that someone could do is use the body (I think) to attach a virus file, but I guess this is not something too common

You need to check all formfields which belong into the mail header (check the mail message you send via the form.

1. validate email addresses (if available and used as from:)
2. check all the (header) fields with:

$email = preg_replace("/\r\n/", "", $_REQUEST['email']);
?>

I am not sure exactly what you are saying Olaf,

I am checking all form fields,
if I see a bcc or cc in them it means someone is trying to attack my mail form
then I don't send email, and I also put a "deny ip" in my htaccess so the attacker does not try anything else

wouldn't that be enough ? you say

as your forum subject says only the headers must be protected.
the email address need to because multiple entries need to be validated too

all other form fields which are placed the mail header need that check above.

I guess what confuses me is the reasoning behind this:

$email = preg_replace("/\r\n/", "", $_REQUEST['email']);

what does it do ?

It strips away carriage returns/line feeds right ?

what does that accomplish ?

You destroy all the line feeds and the mail() can't function properly ?
(since ALL the headers MUST be seperated with with line feeds)

I guess what confuses me is the reasoning behind this:

$email = preg_replace("/\r\n/", "", $_REQUEST['email']);

what does it do ?

It strips away carriage returns/line feeds right ?

what does that accomplish ?

You destroy all the line feeds and the mail() can't function properly ?
(since ALL the headers MUST be seperated with with line feeds)

you remove only the line feeds submitted via the form

[Guest]

[62.884]

Googlebot