Talk:FormMail

Latest comment: 6 years ago by Bobbozzo in topic FormMail spam vulnerabilities

I don't feel comfortable editing this page, but I was surprised to find no mention of how incredibly naively designed (massively insecure-by-design) formmail.pl is, and how that poor design was heavily abused to send billions of spam emails in the late 90s and early 2000s.

I arrived here because I was going to use formmail.pl as an example of poor design in a blog discussion, and I was looking for some numbers on just how widespread formmail.pl was and estimates of how many spam messages were sent out.

I know from conversations on anti-spam mailing lists at the time that, at one point, as SMTP relaying was increasingly locked down, formmail.pl became one of the primary sources of spam on the internet.

FormMail spam vulnerabilities

Agree with above anon comment. See http://www.city-fan.org/ftp/contrib/websrv/formmail-advisory.pdf for more info on problems with FormMail. It and many of its replacements are no longer maintained; something else should be used and one should never store email addresses (sender or recipient) as 'hidden' HTML form elements. Bobbozzo (talk) 19:01, 1 August 2018 (UTC)