  1. #1
    Join Date
    Aug 2003

    Unanswered: Safe to turn off referrer checking in mailforms?

    Hi, I'm currently working on installing a mailing form - there is an option that verifies where users send their forms from and blocks those who did not send the form from my domain.

    But the problem is, this also blocks users who do not accept cookies from their browsers, use a firewall or other programs that would prevent websites from tracking where they are coming from.

    So I'm thinking of turning that 'checking referrer' option off, but at the same time, I'm also a little worried about security problems which would arise if I do. Just a side note, the mailbox to which the forms are sent has already been specified in the script, not in the HTML form, so I assume that whether the form is sent from my domain or elsewhere, it will still be directed to my mailbox. What harm could be done anyway, besides possible junk mail to my mailbox?

    Anyhow, with my minimal knowledge of servers, I'm probably missing a lot. It'd be great if any gurus out there can offer me some suggestions on this security thing. Thanks so much in advance.

  2. #2
    Join Date
    Aug 2003
    Bologna - Italy
    I'm not a true guru, but if, as you say, the destination address cannot be selected by the user, the only risk is that, as you said, you can get spam in that mailbox, that's all.

    It would be a problem if the user could select the destination, but that is not the case.

    A different problem is to have your SMTP server not relaying mail from other domains, but that is a configuration duty of your hoster, not yours.
    The only failure is not trying to do it.
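
The setup discussed in this thread, sketched as an added example that is not part of either post or of the poster's actual script: the recipient is fixed in the script and a missing Referer is recorded rather than used to block the submission. Python, the addresses, the hostname and the function names are assumptions made for illustration.

```python
from email.message import EmailMessage
from urllib.parse import urlparse

# Constructed values for illustration; a real script would use its own.
RECIPIENT = "webmaster@example.org"   # fixed here, never read from the form
SENDER = "mailform@example.org"
SITE_HOST = "www.example.org"

def referer_status(referer):
    """Classify the Referer header as 'missing', 'same-site' or 'foreign'.

    The header is sent by the client and is often stripped by privacy
    tools, so the result is only recorded, not used as a gate.
    """
    if not referer:
        return "missing"
    try:
        host = urlparse(referer).hostname
    except ValueError:
        return "foreign"
    # Exact host comparison: a substring test would also accept
    # a host such as www.example.org.elsewhere.example.
    return "same-site" if host == SITE_HOST else "foreign"

def build_message(form, referer=None):
    """Build the mail for one submission. 'form' is a dict of posted fields."""
    msg = EmailMessage()
    msg["To"] = RECIPIENT             # any 'recipient' field in the form is ignored
    msg["From"] = SENDER
    msg["Subject"] = "Website contact form"
    # Posted values go into the body only, so they cannot change who
    # receives the message.
    lines = ["Referer check: " + referer_status(referer), ""]
    for field in ("name", "email", "message"):
        lines.append(field + ": " + str(form.get(field, "")))
    msg.set_content("\n".join(lines))
    return msg

if __name__ == "__main__":
    # Constructed submission with no Referer and an extra 'recipient' field.
    sample = {"name": "Visitor", "email": "visitor@example.net",
              "message": "Hello", "recipient": "someone@elsewhere.example"}
    print(build_message(sample, referer=None))
```
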
