header injection

oldman
28-Sep-2006, 01:03 AM
Since I am looking into using this form for my website, I thought I'd ask a couple of questions.

Has there ever been any problem with header injection with this form?

The reason I ask is that I got stung by someone doing this to me with an old form I had been using.

Also is it possible to disable the cc and bcc so that it cannot be used?

russellr
28-Sep-2006, 02:44 AM
Hi,

Tectite FormMail has never had a header injection problem because it was designed to avoid these security problems from the beginning.

Having said that, though, it does require you to properly configure it (esp. the $TARGET_EMAIL setting). The Configuration Wizard does this for you automatically.

If you happen to misconfigure $TARGET_EMAIL in such a way as to allow header injection, FormMail will warn you with an alert message.

You cannot disable CC and BCC support in FormMail, but there's no reason to do so. A fake HTML form or spammer trying to use these fields can still only use them to send to the email address you allow in $TARGET_EMAIL.

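A defensive check of the kind russellr describes above, as an added example that is not Tectite FormMail's own code: it assumes a constructed allow-list (`TARGET_EMAIL`) standing in for the real `$TARGET_EMAIL` setting, and rejects any recipient, CC or BCC value that carries a line break (raw or percent-encoded) or an address outside that list.

```python
import re

# Constructed allow-list; stands in for FormMail's $TARGET_EMAIL (assumption).
TARGET_EMAIL = {"sales@example.com", "support@example.com"}

# A raw or percent-encoded CR/LF is what lets a submitted value start a new
# mail header line; any such value is treated as an injection attempt.
_LINE_BREAK = re.compile(r"[\r\n]|%0[aAdD]")


def is_injection_attempt(value: str) -> bool:
    """True if the submitted field contains a raw or encoded line break."""
    return bool(_LINE_BREAK.search(value))


def allowed_recipients(fields: dict, allow: set = TARGET_EMAIL) -> list:
    """Return the recipients a submission may mail, or raise ValueError.

    Every address taken from the 'recipients', 'cc' and 'bcc' fields must be
    one the site owner pre-approved; anything else is rejected, so a forged
    form cannot turn the script into a relay even with CC/BCC enabled.
    """
    out = []
    for name in ("recipients", "cc", "bcc"):
        raw = fields.get(name, "")
        if is_injection_attempt(raw):
            raise ValueError(f"header injection attempt in field {name!r}")
        for addr in (a.strip().lower() for a in raw.split(",") if a.strip()):
            if addr not in allow:
                raise ValueError(f"{addr!r} is not an allowed recipient")
            if addr not in out:
                out.append(addr)
    return out


if __name__ == "__main__":
    # Constructed submissions: one honest, one carrying an encoded newline.
    print(allowed_recipients({"recipients": "sales@example.com",
                              "cc": "Support@example.com"}))
    try:
        allowed_recipients({"recipients": "sales@example.com%0ABcc:x@example.net"})
    except ValueError as err:
        print("rejected:", err)
```
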
oldman
28-Sep-2006, 02:59 AM
Thank you for your quick reply. I have been going through all your How to Guides trying to get the form ready to try. The sample form works just fine, but I wanted to ask those questions.

Even though I haven't got the form up and running yet, it looks to be the best thing I've seen as a free form.

Thanks.