How to secure a simple PHP script that sends emails?

Question

In a simple contact form, the HTML form triggers a Php script :

<form method="post" action="email.php">.....</form>

This email.php sends me an email :

<?php
    $mess=$_POST['name']. "\r\n" .$_POST['site']. "\r\n" .$_POST['email']. "\r\n" .$_POST['meta']. "\r\n" .$_POST['message'];
    mail('myemail@gmail.com', 'Subject', $mess);
?>

The HTML is using jQuery validate plugin, but nothing like this on the Php side.

A Security expert told me how insanely unsecure this php script was.

What can I do to enhance security ?

Answer 1

This is an alternative way of solving what you asking for. And I hope this can be useful for other askers, as I see similar questions coming op consecutively.

If you intend to make professional application and focus on your core business, then I suggest you use some secured email portals with API from like mailgun, mandrill or others. Both service offer a dash board where you can see e-mail status of how many emails are sent and delivery status, and a lot of other statistics. It is FREE for small usage. It is worth it using it, because you will solve some of following issues:

• You do not need to think about maintaining security of your smtp server
• Or even correct configuring your smtp
• Solving block and black IP addresses
• Server attack
• Spam problem
• And name the more

Both solutions provide API for PHP or other platforms.

Note: I have been my self used my own smtp server few years back, and you know all the time I put to fixing and maintaining the smtp server is not worth it, because I could spent that time doing better stuff and leave e-mail service part for professionals.

Answer 2

My guess is that your "security expert" saw you using raw $_POST data and using the mail() function, and he freaked out, but didn't stop to actually check how bad things were.

He has a point in that using $_POST without doing any validation on it is almost always a recipe for being hacked, but in fact in this particular case I don't think it's too bad, because you are the only recipient (so it's not going to be used for spam, which is the main thing to worry about in these cases), and because the body is plain text (so a hacker can't send you any nasty scripts or attachments).

Without any validation, you could get some really weird emails as a result of hackers trying to find a way around your defences, but not too much else.

PHP's mail() function is a well-known soft target for hackers because there is an awful lot of insecure code out there that uses it. However the real danger with mail() tends to be if you use the headers parameter (ie to set things like the sender address, etc), which you haven't used. Since you're not using headers, the risks are a lot lower, and mainly limited to making it easy for someone to mailbomb you.

If you are still worried about the security of the mail() function, the best solution is to use a library like phpMailer instead.

To be honest, my advice whenever anyone wants to use PHP's mail() function is always to use phpMailer or Swiftmailer instead. And it's not even just about security; even for simple cases, they can make your code a lot easier to read and maintain.

Answer 3

One big flaw is that an attacker could trivially fill your inbox with malicious or junk messages which, besides being very annoying, would likely cause Google to put your domain on their spam list.

They could do this by writing a short script to call that PHP function with some arbitrary data, and loop through it for however long they want.