Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:28075 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 87319 invoked by uid 1010); 19 Feb 2007 16:00:27 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 87304 invoked from network); 19 Feb 2007 16:00:26 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Feb 2007 16:00:26 -0000 Received: from [127.0.0.1] ([127.0.0.1:13518]) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ECSTREAM id 6B/EC-10467-A99C9D54 for ; Mon, 19 Feb 2007 11:00:26 -0500 X-Host-Fingerprint: 85.194.50.11 cust.fiber-lan.vnet.lk.85.194.50.11.stunet.se Received: from [85.194.50.11] ([85.194.50.11:21815] helo=localhost.localdomain) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 49/62-10467-4A899D54 for ; Mon, 19 Feb 2007 07:31:33 -0500 Message-ID: <49.62.10467.4A899D54@pb1.pair.com> To: internals@lists.php.net Reply-To: "Kristoffer Hultenius" Date: Mon, 19 Feb 2007 13:30:55 +0100 Lines: 54 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.3028 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 X-RFC2646: Format=Flowed; Original X-Posted-By: 85.194.50.11 Subject: Reference in the mail header From: kristoffer@hultenius.com ("Kristoffer Hultenius") Hello everybody! As a webhost that offer PHP-support for hundreds of customers, I have a concern. The mail()-function is too easy to use for sending spam and even worse - there is (sometimes) almost impossible to trace the sender-account. I've been looking into the source code and one very easy but yet powerful solution to trace spam would be to force a reference into the header. As each vhost has its own config, a PHP-setting "mail.reference" would be enough. This would be of great value for all webhosts out there and since we all want to limit spam on internet, why not include this? You can find some (not tested) sample code below. I hope you understand what I mean. This is my first post here and I'm not familar with the PHP source code. // Kristoffer Hultenius Original code: ==================================== fprintf(sendmail, "To: %s\n", to); fprintf(sendmail, "Subject: %s\n", subject); if (headers != NULL) { fprintf(sendmail, "%s\n", headers); } fprintf(sendmail, "\n%s\n", message); ret = pclose(sendmail); New code: ==================================== char *reference = INI_STR("mail.reference"); fprintf(sendmail, "To: %s\n", to); fprintf(sendmail, "Subject: %s\n", subject); if (reference) { fprintf(sendmail, "X-PHP-REFERENCE: %s\n", reference); } if (headers != NULL) { fprintf(sendmail, "%s\n", headers); } fprintf(sendmail, "\n%s\n", message); ret = pclose(sendmail);