We are using the following code to send email messages from an online form
on our web site:

   Net::SMTP.start('localhost', 25) {|smtp|
    smtp.sendmail(message, @from, @to)
   }

The values of @from and @to are taken directly from their cgi.params values
with basically no modification. Is it possible for someone to exploite this
as a security vulnerability? Could someone use it to send email to multiple
addresses?

--
John Long
http://www.wiseheartdesign.com