As a first line of defense, you can check up the HTTP
referral, which is one of the HTTP header fields of an
HTTP request:
https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Request_fields[
^],
https://en.wikipedia.org/wiki/HTTP_referer[
^].
All scripting modules for all non-nonsense HTTP servers allows you to check up this fields. If the referrer is not what's expected for your mail script, you script should not handle this HTTP request with normal processing including sending the mail.
On Perl, see also:
http://www.perlmonks.org/?node_id=747530[
^].
Note that this is not 100% reliable defense, because the HTTP request can be spoofed. That's why I called it "first line of defense".
Now, this is, by far, not the only security concern of the mail script, which is potentially quite a dangerous part of Web sites. I discovered amazingly simple let efficient exploit (from real-life experience) which could turn your Web host into a zombie spreading spam in no time. I described it, as well as the protection, in my past answer:
unable to send mail , it showing the error in below code .[
^];
see also:
In what way $('#myelement').valid(); works[
^].
Good luck. Be safe.
—SA
Submit an article or tip