An application contains a function for user feedback. This allows the user to supply their e-mail address, a message subject, and detailed comments. The application sends an email to [email protected], addressed from the user’s email address, with the user-supplied subject line and comments in the message body. Which of the following is a valid defense against mail injection attacks?
(a) Disable mail relaying on the mail server.
(b) Hardcode the RCPT TO field with [email protected].
(c) Validate that the user-supplied inputs do not contain any newlines or other SMTP metacharacters.