0

I am currently creating a web contact form in Python. My main aim is to teach myself Python and I am not using a framework (just raw Python). I am using Python 2.5 as that is what my webhost has.

Sending email seems simple in Python and that is clear in the documentation. The problem I have is that I cannot find any clear examples of how to prevent header injection attacks when using a module such as smtplib.

It seems like one thing that is important to get right, but going by Python bugs that I can reproduce, it seems rather hard. Can anyone help?

Monkey Code

1 Answer

0

Just make sure your script sends two newlines (CRLF to be compliant with relevant RFCs, LF only to be compliant with most MTAs) after the headers you want, and any attempted injected headers will show up in the email body.

Also, of course, do sanity-checks on the from:, to: and any other data input by a user to make sure no embedded headers or newlines are in those fields.

jcomeau_ictx
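
The two checks from the answer above, as an added example that is not part of the original question or answer: user-supplied header values are rejected if they contain CR, LF or any other control character, and user text is confined to the body after the blank line. It is written for current Python 3 (`email.message.EmailMessage`) rather than the Python 2.5 mentioned in the question; the addresses, the function names and the injected sample are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.parser import Parser
from email.utils import parseaddr

SITE_FROM = "webform@example.org"  # assumed: fixed, server-controlled sender
SITE_TO = "owner@example.org"      # assumed: fixed recipient, never user input
_CTRL = re.compile(r"[\x00-\x1f\x7f]")  # CR, LF and all other control characters
_ADDR = re.compile(r'^[^@\s<>,;:"()]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$')
# Constructed input: a subject field carrying an embedded CRLF and an extra header.
INJECTED_SUBJECT = "Hello\r\nBcc: third-party@example.net"


def clean_header(value, field):
    """Return value if it is safe on a single header line, else raise."""
    if _CTRL.search(value):
        raise ValueError("control character in %s" % field)
    return value.strip()


def clean_address(value):
    """Accept exactly one bare address: no lists, display names or newlines."""
    value = clean_header(value, "email")
    name, addr = parseaddr(value)
    if name or addr != value or not _ADDR.match(addr):
        raise ValueError("invalid email address")
    return addr


def naive_message(sender, subject, body):
    """Unsafe pattern: form fields concatenated straight into the headers."""
    return "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n%s" % (sender, SITE_TO, subject, body)


def build_message(sender, subject, body):
    """Hardened form: validated header values, user text only in the body."""
    msg = EmailMessage()
    msg["From"] = SITE_FROM
    msg["To"] = SITE_TO
    msg["Reply-To"] = clean_address(sender)
    msg["Subject"] = clean_header(subject, "subject")
    msg.set_content(body)  # goes after the blank line, never parsed as headers
    return msg


def header_names(raw):
    """Header names a receiving parser would see in a raw message string."""
    return Parser().parsestr(raw).keys()
```

Passing `SITE_FROM` and `[SITE_TO]` as the envelope arguments to `smtplib.SMTP.sendmail` keeps the envelope out of the visitor's control as well.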