Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    mypointofview
    Guest

    Why should one include \n at the end of the "From" field?

    Working on an email reply form using PHP...

    You should always include a new line character at the end of the "From:" field.
    Above is a quote from CYPHIX, a very helpful member from this forum. Full thread here.

    When doing this, the first line in the incoming email is empty. It's just an esthetical thing but that started me wondering -- WHY this advice?

    I read on a PHP official page that acually both \n and \r should be used. See here. Or do I understand it wrong? Here's what the PHP offical page says:
    additional_headers (optional) [...] Multiple extra headers should be separated with a CRLF (\r\n).
    I'm a beginner and just puzzled -- how to understand that

    Question 1: Is the advice to use the new line character after the from field designed to prevent unauthorized email injection ?

    Question 2: Is it thus "safer" to use both \n and \r ?

    Thanks, Martin.

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Using \r\n to separate your additional headers (From, CC, BCC, etc.) is a standard. However, according to php.net, some unix systems automatically return \r\n when a linefeed is found. With this in mind, if your mail is not sent, alter your headers \r\n into \n instead of \r\n, which is NOT standard. Php.net also suggests that this should be a last resort option.
    If my memory serves me correctly, separation of your additional headers is only required should you have more than one header to send. So, if you have only one additional header to send, I believe you do not need to end it using CRLF.
    As for your second question, use \r\n as often as you can. These are due to the way different OS' handle the linefeeds, \n for windows, \r\n for *nix, and \r for mac (if my memory serves me correct again).
    A mail wizard can probably give you a more indepth breakdown of whats actually happening, so perhaps its best to await for other postings too.

  • #3
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    mypointofview, it is not mandatory to append a single newline character after the From: header. What happens in your case is that PHP automatically separates the headers from the message part with a newline, and that's why an additional newline is displayed at the top mail when viewed in your mail client.

    This additional newline has nothing to do with preventing email injection attacks.

    Regarding question 2, I can only support what Fou-Lu wrote. What happens with the separators is up to the MTA. This can be different from server to server, but in general you are quite safe with using CRLF (\r\n).

    The format of email headers is actually dead simple, the SMTP protocol also. I suggest you try to send an email from the command line via telnet. It's very educating to type each SMTP command and email header, you will understand the underlying mechanics of email transfer better this way. I haven't got any good introductory text at my hands now, this looks quite ok after a quick googling:
    http://community.kavi.com/khelp/kmlm...ail_works.html

    Don't hesitate to ask further questions...
    De gustibus non est disputandum.

  • #4
    mypointofview
    Guest
    Danke mordred! Great link about how email works - very informative


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •