Technical Distraction
Sorry for the dearth of posts, and the uninspiring quality of those that are making it through. I'm dealing with a particularly nasty email injection problem affecting website forms that generate emails. The sub-human genus known as spammers has found a way to hijack those forms and use them to send mass quantities of junk mail. This has resulted in innocent website owners getting the blame for the spam from their webhosts and/or ISPs, and threats of account cancellation, additional bandwidth fees, etc.
The solution(s) for this problem are theoretically straightforward, but not so easy to actually implement and test, and it doesn't help that I'm not a programmer. Anyway, the search for a practical fix is weighing me down right now, and I have no idea when things will get better. Bear with me.
Technorati tag: Email Injection
Without some more detail (which I completely understand not posting here) I can't be sure that this will be helpful, but...
The Perl Mongers have rebuilt quite a few commonly-used CGI programs with a focus on security. If you need a form-to-email script, you might check out theirs. Some of its config options may avoid that problem ... and you don't need to be (much of) a programmer to use it.
http://nms-cgi.sourceforge.net/scripts.shtml
Posted by: Brian at December 5, 2005 08:46 PM
Blogger is down? Wow...who could have imagined? ;-)
I'm actually a bit envious; I wish my problem was one that I could just set aside and know that someone else is responsible for fixing it.
Posted by: Eric at December 5, 2005 08:47 PM
Brian, you've nailed it perfectly, and I've spent a bit of time looking at those scripts. However, they're in PERL and everything else I'm using is PHP, and so I'm looking for equivalent functionality in a PHP script. I'm semi-literate in PHP, but some of the suggested fixes are very vague and require more expertise than I have to implement.
I did manage to find a fairly comprehensive validation routine that I think I can drop into my script without much modification. If I can figure out a way to test it, it may be the solution I need.
I appreciate your suggestions, though. You know a lot more about this stuff than me.
Posted by: Eric at December 5, 2005 08:52 PM
To test it, maybe you could create a different HTML form that has a textarea (instead of an input type=text or a hidden field) to hold e-mail addresses. Put in two of your own e-mail addresses, with a carriage return/linefeed between them, and see if the mail gets sent.
If you get an error, then the validation is working.
If this isn't the resource you've found already, you might take a quick read over there.
If all of that fails, my next proposal involves a programming language flame war. :-)
Let us know a summary of the details once all is well.
I have been fighting spam here also this week. Not much else I can do at this point than replace this gaping hole called Exchange Server 2003 with something more secure but less efficient.
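The test Brian describes (two addresses separated by a CR/LF) is exactly the payload behind this kind of hijack: a form value is concatenated straight into a mail header, so one embedded line break turns a single Reply-To into an extra Bcc or To header and the script becomes an open relay. The following is an added example written for this page, not the author's script and not one of the NMS scripts; the form field names, the sender address and the sample submissions are assumptions. It builds the header string the way a typical PHP form mailer does, beside a hardened builder that refuses any header-bound value containing CR, LF or NUL, and feeds both the CR/LF test submission and a classic Bcc injection through them. The actual mail() call is left out so the script runs without a mail server.

```php
<?php
// Added example, not the original post's script. Field names, the sender
// address and the sample submissions below are assumed for illustration.

// The vulnerable pattern: a form value dropped straight into a mail header.
// A submission such as "victim@example.com\r\nBcc: a@x.org, b@y.org"
// turns the one Reply-To header into two headers, and the form sends
// whatever the spammer lists in the injected Bcc.
function build_headers_vulnerable(string $fromEmail): string
{
    return "From: webform@example.com\r\nReply-To: " . $fromEmail . "\r\n";
}

// Reject any value destined for a header that contains CR, LF or a NUL byte.
// A legitimate single header value never contains a line break, so there is
// nothing to "clean"; the submission is simply refused.
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Validate an address: no line breaks and exactly one syntactically valid
// mailbox. FILTER_VALIDATE_EMAIL also rejects lists such as "a@x.org, b@y.org".
function is_clean_email(string $value): bool
{
    return is_header_safe($value)
        && filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

// Hardened builder: returns null (send nothing) instead of a header block
// when the address fails validation.
function build_headers_safe(string $fromEmail): ?string
{
    if (!is_clean_email($fromEmail)) {
        return null;
    }
    return "From: webform@example.com\r\nReply-To: " . $fromEmail . "\r\n";
}

// Constructed submissions (not real traffic): an honest address, the
// two-addresses-with-a-CRLF test from the comments above, and a Bcc injection.
$cases = [
    'honest'   => 'reader@example.com',
    'two-addr' => "me@example.com\r\nme2@example.com",
    'bcc'      => "me@example.com\r\nBcc: spam1@example.net, spam2@example.net",
];

foreach ($cases as $label => $input) {
    $vuln = build_headers_vulnerable($input);
    $safe = build_headers_safe($input);
    // Count CRLF-terminated lines the vulnerable builder produced: anything
    // above 2 means the submission smuggled in extra headers.
    printf("%-9s vulnerable builder emitted %d header lines; hardened builder: %s\n",
        $label,
        substr_count($vuln, "\r\n"),
        $safe === null ? 'REJECTED' : 'accepted');
}
```

The same is_header_safe() check belongs on every field that ends up in a header, including the subject and any "name" field that is folded into the From line; the message body may contain newlines freely, since it is not parsed as headers. Refusing the submission outright, rather than stripping the line breaks, is the safer choice: a stripped payload can still leave "Bcc:" text in the body, which at least is harmless, but partial cleaning of headers has historically left room for encoded or folded variants to slip through.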
Eric,
I'll be glad to take a look at this for you as well, tomorrow, when I'm not quite so tired.
Drew, thanks for the offer. If you look at the next post, I think I may have found a solution, but I'm open to any other suggestions.
Posted by: Eric at December 8, 2005 09:17 AM
I'll gladly bear with you.
I couldn't post if I wanted to right now as blogger is down. Someone must have found out that I had a blog there, either that or some geek at google tripped over an extension cord.
Hope you find that spam loophole and terminate with extreme prejudice.
Posted by: Jim at December 5, 2005 08:39 PM