PHP Contact form Scam???

Question

I work mostly with XHTML, CSS & Some ASP... not .Net.

I found a PHP Contact form on HotScripts.com
http://www.web1marketing.com/resources/tools/form-mailer.php.txt
http://www.web1marketing.com/resources/tools/php-form-mailer.htm

As you can see this set off a Red Flag Scam for me:
$mailPassword = "password"; // The mail password associated with $mailTo

$params["password"] = $mailPassword;

Is it a Scam or Not???
It just looks Phishy to me...

-Thanks 😎

David_Powers · Accepted Answer

By the way, I notice that the script is using $HTTP_POST_VARS, which is obsolete. So, I would be wary of the script for other reasons, but not because of the use of the SMTP password.

David_Powers · Answer

Is it a Scam or Not???I haven't studied the script in minute detail, but it's not a scam. As the HTML page explains:This particular contact form uses SMTP instead of sendmail to avoid common issues that are commonly found in the latter.The PHP mail() function hands email messages directly to a mail transport agent (MTA), such as sendmail, residing on the same server. Consequently, no authentication is required. However, mail() is not capable of handling HTML email or attachments. To do so, you need to use a third-party script, such as PEAR Mail and Mail_Mime, PHPMailer, or Zend_Mail.What this script does is incorporate the PEAR Mail class to bypass the local MTA and send your mail through your own ISP's SMTP server. Don't know why they think this is better, because PEAR Mail on its own doesn't handle HTML or attachments. But there's certainly no problem with using the password. As long as the password is stored in a PHP variable, and not exposed through echo, it's perfectly legit.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded