-
Dear Valued Clients,
Nowadays there is an exploitation of PHP mailer scripts, and spammers can add their own headers (cc and bcc) to your mail form and send spam mails to mail addresses which they add. Please use the following code in your PHP mailer scripts; it can prevent anybody from adding or changing headers.
It should be at the top of the page (PHP code). It works for the POST method.
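<?php
// Header names that should never appear inside a submitted form field.
$badStrings = array("Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:");
foreach ($_POST as $k => $v) {
    // Fields posted as name[] arrive as arrays; flatten them to one string first.
    $v = is_array($v) ? print_r($v, true) : (string) $v;
    foreach ($badStrings as $v2) {
        // stripos() ignores letter case, so "Bcc:" and "BCC:" are caught as well.
        if (stripos($v, $v2) !== false) {
            // Refuse the request before any mail is sent.
            header("HTTP/1.0 403 Forbidden");
            exit;
        }
    }
}
?>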
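An added example, not part of the original post: the same check written as one function, so it can live in a single file that every mail-sending script includes. It also rejects line breaks in the fields a script copies into mail headers, because a new header line cannot be started without one. The function name, the field names and the sample input are assumptions made up for illustration.

```php
<?php
// Added example, not the original poster's code; all names are hypothetical.
const BAD_HEADERS = ['content-type:', 'mime-version:',
                     'content-transfer-encoding:', 'bcc:', 'cc:'];

/**
 * Return the names of submitted fields that look like header injection.
 * $headerFields lists the fields the script copies into mail headers
 * (To, From, Subject); a line break is never valid in those.
 */
function find_header_injection(array $fields, array $headerFields, string $parent = ''): array
{
    $hits = [];
    foreach ($fields as $name => $value) {
        $top = $parent === '' ? (string) $name : $parent;
        if (is_array($value)) {
            // Fields posted as name[] arrive as arrays; check each element.
            $hits = array_merge($hits, find_header_injection($value, $headerFields, $top));
            continue;
        }
        $value = (string) $value;
        // A new header line needs CR or LF, so reject both in header fields.
        $bad = in_array($top, $headerFields, true) && preg_match('/[\r\n]/', $value) === 1;
        // The thread's blocklist, matched in any letter case (Bcc:, BCC:, ...).
        foreach (BAD_HEADERS as $needle) {
            $bad = $bad || stripos($value, $needle) !== false;
        }
        if ($bad) {
            $hits[] = $top;
        }
    }
    return array_values(array_unique($hits));
}

// Constructed sample input standing in for $_POST.
$post = [
    'name'    => 'Alice',
    'email'   => "alice@example.com\r\nBcc: someone@example.net",
    'subject' => "Hello\nagain",
    'message' => "Line one\nLine two",   // line breaks are normal in a body
];

$flagged = find_header_injection($post, ['name', 'email', 'subject']);
if ($flagged !== []) {
    header('HTTP/1.0 403 Forbidden');
    exit('Rejected fields: ' . implode(', ', $flagged));
}
```

With `$post` replaced by `$_POST`, the file can be pulled into each script with `require_once`, or loaded ahead of every script through PHP's `auto_prepend_file` setting where the scripts themselves cannot be edited.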
-
Members
- Join Date
- Nov 2005
- Posts
- 5
One of the programs that I run on your server is an auto-surf site and it uses the php mailer in various different places.
It is used in the signup script to send a verification email, in the admin area to email individual members and all members, it is used to advise different events to the members and the admin and it is used by CRON jobs to advise me that a timed event has occurred.
In total, I think there are at least 6 scripts that call the php mailer!
Does the patch code need to be added to all these scripts?
If this is the case, it seems to me that this is a server issue and would be better patched in the server's mail agent rather than in multiple user scripts!
I am not a programmer and I don't mess with the scripts that I have purchased, many of them prohibit modifications to the design and may refuse future support!
Am I the only one with this problem or am I wrong to worry about it?
Geoff
:unsure: