![[SpamCop.net - protecting the internet through technology]](/images/05logo.png){kind=small}
SpamCop FAQ : Help for abuse-desks and administrators :
Formmail
Formmail.pl, one of the most-used perl scripts on the Web, is designed to send data entered into a Web form to an e-mail address. This script could be exploited by a malicious user who could use Formmail as a spam server. If you use this script, spammers may be able to use it to send spam freely using your server's resources.
A paper (long) explaining the FormMail vulnerability is available at http://www.city-fan.org/ftp/contrib/websrv/formmail-advisory.pdf
Secure fixes are available from: