This is known
as email header injection and you will be relieved to know that Zend_Mail does filter all headers to prevent
such an attack.
Having gone into some detail about the creation of our email it is now time to look at the options available
when sending it.
9.2.2 Sending emails with Zend_Mail
In Zend_Mail there are currently two ways to send mail; using Sendmail or SMTP. Why you would choose
one over another and what options are available with each is the subject of this section.
Sending via Sendmail
It was mentioned earlier in this chapter that Zend_Mail defaults to using Zend_Mail_Transport_Sendmail
which itself uses PHP's mail() function. What that means is that, unless you decide otherwise, your emails are
simply being composed and passed on to PHP??™s mail() function and from there on to the local sendmail (or
variation of) mailserver which handles the actual transfer of the mail.
To illustrate more clearly how this works we will make use of PHP mail()??™s option of passing additional
parameters in the command sent to the mailserver. In this case we will use it to set a header in the constructor
of Zend_Mail_Transport_Sendmail like so:
$transportWithHeader = new Zend_Mail_Transport_Sendmail(
'-fwelcome@greatnewsite.com'
);
Zend_Mail::setDefaultTransport($transportWithHeader);
What that does is pass on '-fwelcome@greatnewsite.
Pages:
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251