Could this mail form vulnerable? (Perhaps to spam others)

question-er

Hi.

My host cancelled my account because they were receiving Spamhaus
complaints.

I don't carry out Spam and I only manage a blog and a phpBB forum within my website.

I suspect the only way to make spam from my website is through this email
form where visitors send me their comments:

email-form.html

<form method=post action=send-mail.php>
Your email address:<br>
<input type="text" size="56" name="email"> <br>
Your name: <br>
<input type="text" size="56" name="name"> <br>
Text:<br>
<textarea name="text" rows=7 cols=60 wrap="off"></textarea> <br>
<input type="Submit" value="Send">
</form>

---------

send-mail.php

$to = "myemail@mydomain.com";
$subject = "Sent Menssage";
$body = "Message Body \n";
$body = $body . "----------------------- \n";
$body = $body . $email . "\n";
$body = $body . "----------------------- \n";
$body = $body . $name . "\n";
$body = $body . "----------------------- \n";
$body = $body . $text . "\n";
$headers = "From: $email";
mail($to,$subject,$body,$headers);

-------------

Could this scripts be cracked to send spam? I suspect '$to' variable can
be spoofed to add 'BCC' extra emails. Can I protect it?

Thank you very much.

Azala

I believe this is all you need.

Link

matto

if you want to prevent manipulation via a fake (extended, whatever) e-mail address and CC/BCC, you should check the format. you could use:

function checkemail($email)
{
$email = trim(strtolower($email));
$regexpattern = '^{[\w-.]{1,}@([\da-zA-Z-]{1,}.){1,}[\da-zA-Z-]{2,3}$^';}

    return preg_match($regexpattern, $email);

}