Are your email settings a security vulnerability on your blog?
Does your hosting protect against a common vulnerability of email?
The default installation of WordPress uses the PHP mail() function to send all email. There is a common attack on scripts that call this function which lets spammers use your blog as a relay: if a script copies visitor input (a contact form's name, email address or subject field, for example) straight into the recipient, subject or additional-headers arguments of mail(), an attacker can embed a carriage return and line feed followed by extra header lines such as Bcc:, and your server will dutifully send the message to every address they added. The attack is called header injection (also known as email injection). Here are a few articles with plenty of details and a thorough technical exploration of the vulnerability:
http://www.php-security.org/MOPB/MOPB-34-2007.html
http://www.damonkohler.com/search?q=email+injection
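To make the mechanism concrete, here is an added example (not code from the original post or from WordPress) of a contact-form handler building the headers string for mail(). It shows the vulnerable version beside a hardened one, fed with a constructed attacker payload; the function names and the example addresses are illustrative only.

```php
<?php
// Added example, not code from the original post. Shows how a CRLF in
// visitor input turns into an extra mail header, and one way to block it.

// Vulnerable: the visitor-supplied address is pasted straight into the
// additional-headers argument of mail(). A "\r\n" inside it ends the From:
// line and starts a brand-new header line of the attacker's choosing.
function build_headers_vulnerable(string $from): string
{
    return "From: {$from}\r\nContent-Type: text/plain; charset=UTF-8\r\n";
}

// Hardened: accept only a single bare e-mail address. FILTER_VALIDATE_EMAIL
// already refuses CR, LF and whitespace; the explicit preg_match is kept so
// the rule is obvious to anyone reading or grepping the code.
function build_headers_safe(string $from): ?string
{
    $clean = filter_var(trim($from), FILTER_VALIDATE_EMAIL);
    if ($clean === false || preg_match('/[\r\n]/', $clean)) {
        return null; // caller must refuse to send
    }
    return "From: {$clean}\r\nContent-Type: text/plain; charset=UTF-8\r\n";
}

// Only call mail() once every visitor-controlled piece has been validated.
// Subject and body get the same treatment: no bare newlines in the subject.
function send_contact_message(string $to, string $subject, string $body, string $from): bool
{
    $headers = build_headers_safe($from);
    if ($headers === null || preg_match('/[\r\n]/', $subject)) {
        return false;
    }
    return mail($to, $subject, $body, $headers);
}

// Constructed attacker payload (hypothetical): a plausible address followed
// by CRLF and an injected Bcc: line. With the vulnerable builder the Bcc:
// becomes a real header and the server relays the message to those targets.
$payload = "visitor@example.com\r\nBcc: target1@example.net, target2@example.net";

echo "--- vulnerable headers ---\n";
echo build_headers_vulnerable($payload);

echo "--- hardened ---\n";
$safe = build_headers_safe($payload);
echo $safe === null ? "rejected\n" : $safe;

echo "--- hardened, legitimate address ---\n";
echo build_headers_safe('visitor@example.com') ?? "rejected\n";
```

Running this with the payload prints the injected Bcc: line as a separate header in the vulnerable case and "rejected" in the hardened case, while the plain address still passes. The same validation belongs on every field that ends up in a header, not just the From address.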
The other problem with using the PHP mail() function is that the email is sent directly from your blog's web server, which is almost certainly not the server your domain's email normally comes from. Many email providers (Yahoo, Gmail, Hotmail and others) check whether the sending server is authorised to send for the sender's domain, through SPF and DKIM records, and treat mail from an unlisted server as suspect or spam. This means email sent via PHP mail() may never reach you.
To secure your site and make sure your email reaches its destination, our hosting platform has the mail() function disabled. Instead we use the WP SMTP Mail plugin, which hands outgoing messages to your own email account's SMTP server using the account's SMTP details, so the mail leaves from a server that is authorised to send for your address.
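For readers who want to see what such a plugin does under the hood, here is an added example (not the WP SMTP Mail plugin's own code and not part of the original post). WordPress builds every wp_mail() message with PHPMailer and fires the phpmailer_init action before sending, so a few lines in a must-use plugin can switch the transport from the local mail() binary to an authenticated SMTP session. The host, port, addresses and the SMTP_PASSWORD environment variable are placeholders to replace with your own provider's details.

```php
<?php
// Added example, not the plugin's code: route wp_mail() through your own
// account's SMTP server instead of the web server's local mail() function.
// Drop this into wp-content/mu-plugins/ and fill in real values.
add_action('phpmailer_init', function ($phpmailer) {
    $phpmailer->isSMTP();
    $phpmailer->Host       = 'smtp.example.com';      // placeholder: your provider's SMTP host
    $phpmailer->Port       = 587;                     // submission port, upgraded with STARTTLS
    $phpmailer->SMTPSecure = 'tls';
    $phpmailer->SMTPAuth   = true;
    $phpmailer->Username   = 'you@example.com';       // placeholder: the mailbox you send as
    $phpmailer->Password   = getenv('SMTP_PASSWORD'); // keep the secret out of the PHP file

    // Send as the authenticated account so the From address matches a server
    // that is allowed to send for that domain (SPF/DKIM line up).
    $phpmailer->setFrom('you@example.com', 'My Blog');
});
```

Note that moving to SMTP fixes the deliverability problem and stops the server acting as an open relay through mail(), but input that ends up in message headers still has to be validated; the transport change does not sanitise it for you.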