Re: FN-FORUM: refer a friend systems
date posted 24th January 2007 20:23
On Wednesday 24 Jan 2007 11:41 am, Bill Westhead wrote:
> 1. sanitise the email addresses; ensure that only a single address is
> entered and no newlines/line feeds are used to force through bcc:
> addresses
I've done a couple of these. I check that the entered email addresses
are valid (insofar as you can: strip everything after [EMAIL REMOVED] and check
it's a valid domain).
> 2. make sure the custom message is only a small part of the overall
> email, ensure it is only plain text, or omit it completely
>
> Also, monitor emails sent through the form, either cc an admin address
> or log to a DB, then you can see if the form is being abused and act
> if necessary.
CC to an admin address AND log to a database, with "sender's"
IP address and time. If you get more than say, ten referrals from
one IP address in the space of five minutes, decline (politely).
-- 
5: When responding to a post, delete all information that is not
strictly necessary. This includes the freelancers tag line and .sig
files. Delete anything you're not specifically responding to.
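
Added example, not part of the original post or either poster's code: a Python sketch of the checks discussed in this thread, rejecting CR/LF and multiple addresses in the friend's-address field and declining once one IP exceeds ten referrals in five minutes. The names clean_address, ReferralLimiter and the in-memory log are assumptions made for illustration; the domain lookup mentioned above is left out because it needs network access.

```python
import re
import time
from collections import defaultdict, deque

MAX_REFERRALS = 10        # "more than say, ten referrals"
WINDOW_SECONDS = 5 * 60   # "in the space of five minutes"

# Deliberately strict: one address, no spaces, commas, semicolons or brackets.
_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def clean_address(raw):
    """Return the single address, or None if the field must be rejected."""
    if "\r" in raw or "\n" in raw:   # line break would start a new header (bcc:)
        return None
    raw = raw.strip()
    return raw if _ADDR.fullmatch(raw) else None

class ReferralLimiter:
    """Sliding-window count of accepted referrals per sender IP."""

    def __init__(self, limit=MAX_REFERRALS, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # ip -> timestamps of accepted referrals
        self.log = []                    # stand-in for the database log

    def allow(self, ip, now):
        q = self.seen[ip]
        while q and now - q[0] >= self.window:   # drop entries older than window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def submit(self, ip, friend_field, now=None):
        now = time.time() if now is None else now
        if clean_address(friend_field) is None:
            verdict = "rejected: bad address"
        elif not self.allow(ip, now):
            verdict = "declined: rate limit"
        else:
            verdict = "sent"
        self.log.append((now, ip, verdict))      # IP and time, as suggested above
        return verdict
```
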