[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Contact form linking from "From:" header

Earl Hood wrote:
On January 9, 2004 at 21:21, Gunnar Hjalmarsson wrote:
What bothers me about it is that since I can easily parse - and deobfuscate - the from addresses, so can the spammers... So I
can't help wondering what the "X-From-R13:" header is normally
used for, and if it's really needed. ;-)

Yep. It is there for mha-dbrecover.

I'm seriously considering adding a resource that disables the
<!--X- ... --> header comments.

Needless to say, I would support such a resource.

It means that CGI::ContactForm::MHonArc should better keep grabbing
the addresses etc. from .mhonarc.db, right?

Doing so will prevent the use of mha-dbrecover on archives, but for
those that keep the original raw mail data, it should not be a

True. And keeping the raw data is reasonably advisable anyway.

Another concern is can impact the ability of namazu to index message fields. Therefore, it may just be enough to mask out
X-From-R13. I'm not sure what to call the resource that just does

Neither am I. But whatever name you give it, it should better be enabled by default via the SPAMMODE resource.

Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

[Index of Archives]     [Bugtraq]     [Yosemite News]     [Mhonarc Home]