I'm about to ask a similar question. But to answer yours, what you need to do is make sure that the page of the order form says [url.com....] That when they hit the submit button, it still goes to the [url.com...] page. If the email account that this gets sent to is on a different server, then unless you secure and encrypt your email, someone can read the info in plain text if they have a sniffer. Some versions of formmail.pl do list the email address in the form. So if someone is targetting your email, and your email is in an insecure place, they can go after it. How? Well let's say your email is hosted with a virtual account of isp xyz.com. The intruder could get a virtual account at the same place, learn all about your system, if they're lucky get on the very same box and place tools to grab your data.

To make it safer, get a dedicated box and have the email go to an account on the same box. That way the intruder would have to have an account in the same data center and really work hard to get at your data and do more to break in. It's not that easy to target your email that way.

However, when you pick up your email with your pop account, that is most probably insecure, so if you can encrypt that, then you're 99.999% more secure then the vast majority of ecommerce on the internet according to the Gartner group. ;)

You should probably look at some of the formmail related discussions around. Do a site search [searchengineworld.com] to find others but I found this one.

Are There Security Holes In FormMail? [webmasterworld.com]

There seem to be two issues here.

1) is your formmail installation safe from being used to send spam?

It probably is based on what you've said. Generally, if you don't hide the recipient address in the HTML, such as hidden form fields, you'll be alright. It should be coded into the script itself.

2) is it safe for you to email your customers' credit cards and purchase information through email in plaintext?

I'd think not.

Am I missing something?

wibblewobble - unless you know how to secure and encrypt those transactions, look seriously at using a payment processing company instead.

Clark said:
make sure that the page of the order form says [url.com....] That when they hit the submit button, it still goes to the [url.com...] page

Indeed, the form is entirely secure, though the formmail is in a /common files/perl/formmail type directory. Thats like, strike one.

amoore said:
It probably is [safe from spam] based on what you've said. Generally, if you don't hide the recipient address in the HTML, such as hidden form fields, you'll be alright. It should be coded into the script itself.

Regarding this, unfortunately, due to the nature of the common path to perl I can't edit the formmail, so the address is a hidden input tag. Strike two.

furthermore:
is it safe for you to email your customers' credit cards and purchase information through email in plaintext?
I'd think not.

Nuts. Strike three.

Curses, I'm going to have to phone or email the hosting people and demand they explain how I can acquire credit card details securely, as they boast. I feel conned, and a fool.

The other thread certainly highlighted issues surrounding formmail, and I suppose I'll have to look into processing systems or something.

Thanks.