On Tue, October 10, 2006 7:06 am, Peter Lauri wrote:
> 1. We have set up an email that does have an inbox and is REAL. We have
> a mailbox connected to it and can send and read emails from it via
> webmail and pop
> 2. We have an SMTP server that requires authentication
> 3. We are going to use PHP Mailer
>
> Using PHP Mailer and the SMTP sending function should make the emails
> look pretty real, am I right? On that we make sure that the HTML that
> we create is good, check that with http://spamcheck.sitesell.com or
> similar.

If it's HTML "enhanced" email, you've already blown it.

It will get you marked as a spammer.

> Shouldn't I be pretty good to go? We are not talking about millions of
> emails per day here, maybe a few thousand. What are the risks of
> ending up being a spam-marked IP?

Unless the email is coming "from" somebody the recipient knows/trusts, then you're going to get marked by them as a spammer -- which will report back to some of the lists marking you as a spammer.

So you have to have the From: and Reply-to: coming FROM the person recommending the product for starters.

You also have a huge gaping hole, or completely forgot to mention, that anybody could script your site to send out the product recommendations to a million people as a prank.

There is a singular lack as well of a mention of cleansing the "To:" address, which hopefully you do to avoid header injection.

One nice technique to limit spammers is to put in a "throttle" on any given IP address using the form to send out the product recommendations.

While IP sucks for authentication/identification, you *know* something is wrong if more than 4 mails are being sent out by the same IP address surfing to your site within X minutes.

Bam! Slam the door in their face.

Very simple to code/implement/maintain.

Most bad guys will just go find some other wide-open form to use to send their spam instead of dinking around with their IP all the time.
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
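
The two checks suggested in the reply above (cleansing the "To:" address and throttling per IP), as an added example that is not part of the original email. The function names, the JSON file store and the 10-minute value for "X minutes" are assumptions made for illustration.

```php
<?php
const MAX_MAILS = 4;         // a 5th mail from one IP inside the window is refused
const WINDOW_SECONDS = 600;  // the post's "X minutes"; 10 minutes is an assumed value

// Return the address if it is safe to place in a To: header, otherwise null.
function clean_recipient(string $to): ?string
{
    // CR, LF or NUL in the value is how extra headers (Bcc:, Subject:) get injected.
    if (preg_match('/[\r\n\0]/', $to)) {
        return null;
    }
    $to = trim($to);
    // Exactly one bare address: the filter rejects commas, spaces and display names.
    return filter_var($to, FILTER_VALIDATE_EMAIL) !== false ? $to : null;
}

// Record one send attempt for $ip; false means this IP has used up its quota.
function allow_send(string $ip, string $storeFile, ?int $now = null): bool
{
    $now = $now ?? time();
    $fh = fopen($storeFile, 'c+');   // create if missing, never truncate on open
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false;                // fail closed when the store is unusable
    }
    $log = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
    // Keep only this IP's timestamps that still fall inside the window.
    $recent = array_values(array_filter(
        $log[$ip] ?? [],
        fn($t) => $t > $now - WINDOW_SECONDS
    ));
    $allowed = count($recent) < MAX_MAILS;
    if ($allowed) { $recent[] = $now; }
    $log[$ip] = $recent;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($log));
    fclose($fh);                     // closing the handle also releases the lock
    return $allowed;
}

// Constructed demo input; a real form handler would pass $_SERVER['REMOTE_ADDR'].
$store = sys_get_temp_dir() . '/recommend_throttle_demo.json';
@unlink($store);
var_dump(clean_recipient("friend@example.com"));
var_dump(clean_recipient("friend@example.com\r\nBcc: list@example.net"));
for ($i = 1; $i <= 5; $i++) {
    echo "send $i: ", allow_send('203.0.113.7', $store) ? "ok" : "throttled", "\n";
}
```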