Why does the script allow the email address [email protected]

Hi .

It's perfectly secure. The only way to verify an email address is genuine
and belongs to the visitor is to send an email to the visitor and get them
to click a link to verify they received it. Naturally there isn't any
demand for this on a form-to-email script.

I wrote the email validator myself. What it does is check the syntax of the
email. ".co" is a proper TLD but I am not about to list every possible TLD
then change it every time a new one appears for the simple reason that it is
wholly futile as entering another person's genuine email address is the
easiest thing for a spammer to do. Therefore there is no point in
"verifying" an email address other than checking the syntax due to much more
common errors like putting two periods together or a period at the end or
the incorrect number of @ symbols etc.

Naturally it won't accept new lines which prevents hijackers entering bcc or
cc addresses which is very well known and very easy to block (I think they
teach it on the first day of PHP school).

It allows a single character for the user and domain as the user part of the
email address and the domain part can legitimately contain only one
character, therefore syntax-wise "[email protected]" is a good email address.

Like I said, it's largely irrelevant because a spammer could use any proper
email address if they wanted to.

Is that what you mean about security or is it spam blocking in general that
is your concern? You can't completely stop spam but the script will block
most of it. As for security, spammers can't pass emails to the script for
relaying (as explained above, amongst other things, my syntax check only
allows one @ sign so I don't even need to check for new lines or the like,
only one email address can be submitted to the "email" field).

Any questions, just let me know.

Best wishes.

Charles Sweeney
The world's easiest feedback script!

----- Original Message -----
Sent: Thursday, December 30, 2010 2:39 PM
Subject: Re: FormToEmail script

> Hi Charles,
> Thanks for your reply.

> I have tried the free version and I have a question. On a test mail I
> used the from email address as [email protected] The mail was then transmitted.
> The question is about validation and why was that mail allowed through for
> delivery.
> I am having a real problem with validation and your web says that it is
> secure. Can you reassure me that I will have no problems.
> With kind regards,
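
The syntax checks described in the reply above (exactly one @, no line breaks, no doubled or trailing periods, single-character user and domain parts allowed, no TLD list), sketched in PHP as an added example that is not FormToEmail's own code. The function name, the allowed character set and the two-label domain rule are assumptions, and the sample addresses are constructed.

```php
<?php
// Added illustration, not FormToEmail's validator. check_email_syntax() is a
// hypothetical name; the character classes below are assumptions.
function check_email_syntax(string $email): array
{
    // A CR or LF in a value that ends up in a mail header lets the sender
    // start a new header line (Bcc:, Cc:), so reject it before anything else.
    if (preg_match('/[\r\n]/', $email)) {
        return [false, 'line break in address'];
    }
    // Exactly one @ means at most one address can be submitted in the field.
    if (substr_count($email, '@') !== 1) {
        return [false, 'must contain exactly one @'];
    }
    [$user, $domain] = explode('@', $email);
    if ($user === '' || $domain === '') {
        return [false, 'empty user or domain part'];
    }
    if (strpos($email, '..') !== false) {
        return [false, 'two periods together'];
    }
    foreach ([$user, $domain] as $part) {
        if ($part[0] === '.' || substr($part, -1) === '.') {
            return [false, 'period at start or end of a part'];
        }
    }
    // Assumed character set; one character is enough for either part.
    if (!preg_match('/^[A-Za-z0-9._%+-]+$/', $user)) {
        return [false, 'invalid character in user part'];
    }
    // Assumed rule: dot-separated labels, at least two, no TLD list.
    if (!preg_match('/^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/', $domain)) {
        return [false, 'invalid domain part'];
    }
    return [true, 'syntax ok'];
}

$samples = [ // constructed test values
    'a@b.co',
    'jane.doe@example.com',
    'jane..doe@example.com',
    'jane@example.com.',
    'jane@@example.com',
    "jane@example.com\r\nBcc: other@example.net",
];
foreach ($samples as $s) {
    [$ok, $why] = check_email_syntax($s);
    printf("%-48s %s (%s)\n", json_encode($s), $ok ? 'accept' : 'reject', $why);
}
```

The first two samples are accepted; each of the other four fails at a different check. Passing means only that the string is well-formed, not that the mailbox exists or belongs to the visitor.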