There are lots of PHP articles about the subject so is this a PHP only problem. I am sending emails using System.Net.Mail after some regular expression checks of course. Similar to http://weblogs.asp.net/scottgu/archive/2005/12/10/432854.aspx
views:
166answers:
3
+2
A:
I've never heard of that issue in ASP.NET. However, you should trust user input about as much as you'd trust a hooker with your wallet.
Will
2008-09-10 18:11:05
+5
A:
the PHP email injection attack works because of a weakness in the PHP Mail() function. As a .net developer you need not worry.
Danimal
2008-09-10 18:11:07
+4
A:
As long as you are using the MailAddress object, I think you're fine, because injections will only manage to throw FormatExceptions for the specified address.
Examples of how to properly use the System.Net.Mail components are included in that MSDN page; be sure to follow them and you will be fine.
Jon Limjap
2008-09-10 18:17:32