On 9 Oct 2020, at 8:09, Ron Wheeler wrote:
That information that the user supplies should not be in the headers
at all in any message that you get. It is just data.
As Tom pointed out, the email to you or to the address entered on the
form should be from your website not from e-mail addresses provided by
the users.
This is an important point.
A web form feeding a script that turns arbitrary input into bogus email
is a 1990s problem. The right solution is not to make your MTA reject
that mail, it should be to replace the mis-designed form and script.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
