Email Injection attacks

I wonder if it is enough to scan the message body for
and replace them?

-- Long - Free, searchable business directory for local communities - No-Cookie Session Support plugin for Rails

not just the message body. you'd have to scan the headers (to, from,
subject) for anything that should'nt be there or not in the correct


for a list of example scenarios.

I agree. Each form field should be scanned.

-- Long

Chris Hall wrote: