Sending Mail from a Web Page

Now that you have a mail function—send_mail()—the rest of sending mail from a Web page is a snap! You just have to design a page and write the CGI to go along with it. A sample email HTML form is shown in Listing 22.3. The form isn't very pretty, but feel free to use your own style to spice it up.

Listing 22.3 HTML Form for Sending Email
<!--assumes a program called /cgi-bin/mailer.cgi exists-->
<FORM METHOD=POST ACTION="/cgi-bin/mailer.cgi">
Your address: <INPUT TYPE=text NAME=return_addr><BR>
Subject: <INPUT TYPE=text NAME=subject><BR>
<BR>
Message:<BR>
<TEXTAREA NAME=body ROWS=20 COLS=60 WRAP=hard>
Type your message here
</TEXTAREA>
<BR>
<INPUT TYPE=SUBMIT VALUE="Send Message">
</FORM>

The CGI program for sending the mail isn't much larger. It's shown next.

#!/usr/bin/perl -w
use strict;
use CGI qw(:all);
use CGI::Carp qw(fatalsToBrowser);
#
# Insert the send_mail function 
# from Listing 22.1 or 22.2 here!
#

print header;
my $return=param("return_addr");
if (! defined $return or ! $return) {
        print "You must supply an e-mail address<P>";
        exit;
}
my $subject=param("subject");
if (! defined $subject or ! $subject) {
        print "You must supply a subject<P>";
        exit;
}

# Change this address to wherever you want your
# mail sent
# Pass the values already checked above; scalar() keeps a missing
# body from shifting the argument list
send_mail('[email protected]',
          $return,
          $subject,
          scalar param("body"));

print "Mail sent.";

Note a few points about this small program. First, you must insert the send_mail function from either Listing 22.1 or Listing 22.2 for this program to work. Use whichever listing works best and is appropriate for you.

Second, notice that the To: address is hard-wired into the program—as [email protected]. You need to change this address as well to whatever address you want the mail sent to. The reason that the address is not taken from the users is simple: You don't want users sending mail to arbitrary addresses using a Web form. If people abuse your form and send, say, hate mail to someone, then you and your system will be targeted as the originator of the message. This is not a good idea.

If you need to be able to send to multiple targets with one form, use a drop-down list (or radio buttons) to provide a choice of addresses:

<INPUT TYPE=radio NAME=target Value=1 CHECKED>Support Department
<INPUT TYPE=radio NAME=target Value=2>Sales Department
<INPUT TYPE=radio NAME=target Value=3>Legal Department

Then, in your program, use a piece of code like this:

my $formtarget=param('target');
my %targets=( 1=> '[email protected]',
              2=> '[email protected]',
              3=> '[email protected]');
my $target;
# Anything that is not a key in the table gets the fallback address
if (defined $formtarget and exists($targets{$formtarget})) {
        $target=$targets{$formtarget};
} else {
        $target='[email protected]';
}
print $target;

Whatever you do, do not allow the actual To: email addresses to be passed in from the form and used in your program. Pass a harmless value (1 to 3 in the example), and interpret that value in your CGI program, allowing for incorrect values to be passed—the else clause in the example—even if it seems impossible.
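
The same caution applies to the return address and subject that the form does accept. The following is an added example, not code from the book: it assumes send_mail() writes those two values into the message headers (Listings 22.1 and 22.2 are not reproduced here), in which case a value containing a line break would add header lines that the hard-wired To: address was meant to rule out. The helper name header_safe, the 200-character limit and the sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# header_safe() is a hypothetical helper, not part of the book's listings.
# It returns the value if it can sit on one header line, and nothing
# (undef in scalar context) if it is missing, empty, longer than $max_len,
# or contains CR, LF or any other control character.
sub header_safe {
    my ($value, $max_len) = @_;
    return unless defined $value && length $value;
    return if length($value) > $max_len;
    return if $value =~ /[\x00-\x1F\x7F]/;
    return $value;
}

# Constructed sample form values for illustration.
my @samples = (
    [ subject     => 'Question about my order'          ],
    [ subject     => "Hello\r\nX-Extra: added line"     ],
    [ return_addr => 'visitor@example.com'              ],
    [ return_addr => "visitor\@example.com\nX-Extra: 1" ],
    [ subject     => ''                                 ],
    [ subject     => 'x' x 500                          ],
);

for my $sample (@samples) {
    my ($field, $raw) = @$sample;
    my $ok = header_safe($raw, 200);

    # Show control characters as \xNN so the rejected input is visible.
    (my $shown = substr($raw, 0, 40)) =~
        s/([\x00-\x1F\x7F])/sprintf('\\x%02X', ord $1)/ge;

    printf "%-12s %-7s %s\n",
        $field, (defined $ok ? 'accept' : 'reject'), $shown;
}
```

In the CGI program, the check would wrap each lookup, for example header_safe(scalar param("subject"), 200), with the program printing its error and exiting when the result is undefined.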

Verifying Email Addresses

You may have noticed that the CGI program didn't try to determine whether the email address entered by the user was valid. There's a good reason for that. It's not possible.

That answer might surprise you.

One of the Holy Grails of designing an email system on the Internet is to know whether the destination address is valid. And the short answer is that it's not possible.

The difficulty stems from Figures 22.1 and 22.2 at the beginning of this hour. From the originating system's perspective, it can't see the end of the delivery chain. It has to fully hand off the message to the second system in the chain, which passes it along to the third, and so on. The delay between these "handoffs" is significant. What's even more important is that the originating system has no control over the message after it's past the first handoff.

The standard approach is to try to weed out obviously false addresses—except there's no way to tell that an address isn't valid. The Internet standard for email addressing—RFC 822—has a template for standard email addresses. However, some addresses that comply fully with RFC 822 are not deliverable, and some addresses that break the RFC 822 standard are still valid, deliverable addresses.

Writing regular expressions to match email addresses doesn't work. For example, the expression /^[\w.-]+@([\w.-]\.)+\w+$/ looks reasonable. It even matches addresses like [email protected]. However, it rejects the following perfectly valid email addresses:

    *@qz.az
    [email protected]
    relay%[email protected]
    "barney&fred"@flintstones.net

One regular expression to match RFC-822–compliant email addresses is 4,700 characters long—a bit too long to put in this book and expect you to type. And it doesn't match every deliverable address on the Internet.

So what are you to do?

The only way to determine whether an email address is valid is to send a message to that address and wait for a reply to the message. If, for some reason, you need to be guaranteed that a live human being is on the other end of the address—for example, to send future messages to, assuming he or she asked for them—send an email message asking him or her to reply. When the reply comes back, you'll know you have a valid email address.
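
One way to recognize that reply when it arrives, as an added example that is not from the book: the confirmation message carries a token that the reply quotes back, and the token is an HMAC binding the address to an expiry time, so nothing has to be stored per address. The function names, the secret, the 24-hour lifetime and the addresses are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed placeholder; keep the real secret outside the web root.
my $SECRET = 'replace-with-a-long-random-secret';

# Token to embed in the confirmation message: expiry time plus an HMAC
# over the expiry and the exact address the message is sent to.
sub make_token {
    my ($addr, $expires) = @_;
    return $expires . '-' . hmac_sha256_hex("$expires\n$addr", $SECRET);
}

# True only if the token quoted in the reply was issued for this address
# and has not expired. $now is passed in so the check can use a fixed clock.
sub check_token {
    my ($addr, $token, $now) = @_;
    return 0 unless defined $token
        && $token =~ /\A(\d{1,12})-([0-9a-f]{64})\z/;
    my ($expires, $mac) = ($1, $2);
    return 0 if $now > $expires;

    my $expected = hmac_sha256_hex("$expires\n$addr", $SECRET);
    my $diff = 0;    # compare every character, no early exit
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1))
        for 0 .. 63;
    return $diff == 0 ? 1 : 0;
}

# Constructed walk-through with a fixed clock.
my $now   = 1_700_000_000;
my $addr  = 'reader@example.com';
my $token = make_token($addr, $now + 86_400);

my @checks = (
    [ 'reply from same address' => $addr,               $token,       $now + 60     ],
    [ 'token used for another'  => 'other@example.com', $token,       $now + 60     ],
    [ 'reply after expiry'      => $addr,               $token,       $now + 90_000 ],
    [ 'token altered'           => $addr,               $token . '0', $now + 60     ],
);
for my $c (@checks) {
    my ($label, @args) = @$c;
    printf "%-26s %s\n", $label, check_token(@args) ? 'confirmed' : 'rejected';
}
```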
