dorayme said:
Trying to get my head around these points. A spammer who already
knows the email address of people can do all manner of things, what
is so attractive to a spammer of a form that has a CC input?
Spammers never send from their own accounts. They use botnets of
clueless Windows users; they use open relays on mail servers; and they
use insecure web forms, where they inject bcc: lists. They forcefeed to
get maximum output in the shortest amount of time, before the
compromised source is shut down.
In this case, there is already a cc: field so they can annoy anyone even
if the form itself is secure.
That he gets also to send info to the form's owner?
He doesn't care about that. Adrienne probably would, as soon as her
Inbox filled up. :-0
Perhaps the penny will drop for me, but it is still early here.
I have learnt something from this thread: that it is likely many
people don't like a mere contact form without a proper email address
as an alternative means of communication. And that there is some
downside (which I don't fathom completely) to putting in a CC field.
The downside is spammers can use it. The upside is .. well, the poster
gets a copy of hir submission to the web form, for the records.
Personally, I don't think it is necessary, so long as the web site owner
responds in a timely fashion.