Given a contact form that accepts custom user input (e.g. address, subject line, message), what are some security implications and "gotchas" to be careful of?
At a
Ensure that people cannot inject line breaks in anything but the body. Additionally, make the recipient static and never pass it, e.g., through a hidden form field. However, adding such a field is not a bad idea; but block the IP if it's not set to the expected value - then your client is probably a spam bot.
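The three points in the answer above (no line breaks outside the body, a recipient fixed in code rather than taken from the form, and a hidden field whose unexpected value marks the client as a bot) as one handler, written here as an added example rather than code from the original post. The recipient address, the honeypot field name and its expected value, the form field names and the IP addresses are all constructed placeholders.

```python
import re
from email.message import EmailMessage

# Recipient lives in code only; a "to" field in the submitted form is ignored.
RECIPIENT = "contact@example.invalid"  # placeholder address

# Hidden field a real browser submits unchanged; bots tend to overwrite or drop it.
HONEYPOT_FIELD = "form_token"          # assumed field name
HONEYPOT_EXPECTED = "contact-v1"       # assumed expected value

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class ContactFormError(ValueError):
    """Raised when the submission must be rejected."""


def validate_header_field(value: str, max_len: int = 200) -> str:
    """Reject anything that could smuggle extra mail headers (header injection).

    Only the message body may contain line breaks; every value that ends up in
    a header is checked for CR, LF and NUL before it is used.
    """
    if any(c in value for c in ("\r", "\n", "\x00")):
        raise ContactFormError("line break or NUL in header field")
    value = value.strip()
    if len(value) > max_len:
        raise ContactFormError("header field too long")
    return value


def build_message(form: dict) -> EmailMessage:
    """Build the outgoing mail from validated form input."""
    sender = validate_header_field(form.get("email", ""))
    if not EMAIL_RE.match(sender):
        raise ContactFormError("sender address is malformed")
    subject = validate_header_field(form.get("subject", ""))
    body = form.get("message", "")  # line breaks are fine here

    msg = EmailMessage()
    msg["To"] = RECIPIENT            # static, never from the form
    msg["Reply-To"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def handle_submission(form: dict, client_ip: str, blocked_ips: set):
    """Return an EmailMessage, or None after adding the client IP to the blocklist."""
    if form.get(HONEYPOT_FIELD, "") != HONEYPOT_EXPECTED:
        # Hidden field was changed or missing: treat the client as a spam bot.
        blocked_ips.add(client_ip)
        return None
    return build_message(form)


if __name__ == "__main__":
    blocked = set()
    good = {"email": "alice@example.test", "subject": "Hello",
            "message": "Line one\nLine two", HONEYPOT_FIELD: HONEYPOT_EXPECTED}
    print(handle_submission(good, "198.51.100.7", blocked))
    bot = dict(good, **{HONEYPOT_FIELD: "http://spam.invalid"})
    print(handle_submission(bot, "203.0.113.5", blocked), blocked)
```

A rejected submission raises `ContactFormError` before anything reaches the mail library, so the `EmailMessage` header checks are a second line of defence rather than the only one; the honeypot decision is separate from header validation because it also decides whether to record the client IP.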