Get rid off phpmail()!

by stevie Posted on August 31, 2009

Dear sysadmins and developers,

phpmail() IS OUT! Get rid off it. Now!

One of the most common sources of spam are “hacked” webservers and poorly or even non-secured forms. By using phpmail the webserver must be allowed to send mails without checks for a valid sender. This results – mostly on a shared web host – in having checking every clients installations for the bad script while the mailserver gets blacklisted due to the spam wave.

There are enough possibilities out there on how to send mail without using phpmail such as PEAR Net_SMTP. I even encourage every webmaster to turn off phpmail by blacklisting this function in php.ini. This way the developers would be forced to name an smtp account for sending mail which is much easier to track (and shut off if neccessary).

flattr this! If this article helped you, please consider to flattr it. Thanks.

About stevie

Born in the north of Germany, raised in Berlin and stayed there since. After graduating, studying applied computer science at the FHTW Berlin (now HTW Berlin), I started my own company with a former fellow student, providing high class application solutions for web and desktop for small and medium companies (see www.jnamic.com (english version to be finished) for more information). My personal favorite programming languages are PHP for the web and Java for everything else - although I must admit Java evolved very much in the past few years. I love to code and build new applications from the scratch, optimizing it through day and night till I am satisfied with it's performance. So follow my articles, share your thoughts and experience with me and have a good time browsing this blog!
This entry was posted in common and tagged , , . Bookmark the permalink.