A Simple/Secure Email Class For PHPMailer

If you’re not careful, sending email via PHP is about as safe as cookies at Fat Camp. BKWLD was recently tagged by a spammer who noticed one such insecurity on one of our websites and ended up using our server to send hundreds of emails. It wasn’t until MediaTemple informed us of this breach that we realized what had happened.
The method most spammers use is called a “mail injection”, in which the spammer manipulates the PHP mail() function via a custom form post, etc. I won’t go into details, as a quick search on Google came up with over 225,000 pages describing this technique – here are a few.
Getting around these hacks requires detailed validation of your data. Thankfully I’ve done everything for you using the best PHP email class around, PHPMailer. My class is called SendMail and it’s an extension of the PHPMailer class. The result is a powerful script capable of sending email via SMTP or POP3, all without handing over your server to a toothless spammer.
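The kind of validation this refers to, as an added example (not code from the SendMail class or PHPMailer): any form field that ends up in a mail header is rejected if it contains a line break, and the sender address must also parse as an email address. The function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not part of class.sendmail.php or PHPMailer.
// Function names and the sample input are hypothetical.

/** True if the value holds CR, LF or NUL, which can end a header line early. */
function hasHeaderBreak(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 1;
}

/**
 * Check the form fields that end up in mail headers.
 * Returns a list of error strings; an empty list means the input is acceptable.
 */
function validateMailFields(array $post): array
{
    $errors = [];
    foreach (['subject', 'from_name', 'from_email'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "$field is required";
        } elseif (hasHeaderBreak($value)) {
            $errors[] = "$field contains a line break";
        } elseif ($field === 'from_email'
            && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            // Free of line breaks is not enough: it must also be a valid address.
            $errors[] = "$field is not a valid address";
        }
    }
    return $errors;
}

// Constructed sample input: the subject carries an extra header line.
$sample = [
    'subject'    => "Hello\r\nX-Extra: 1",
    'from_name'  => 'Visitor',
    'from_email' => 'visitor@example.com',
    'body'       => "Line one\nLine two", // the body may legitimately contain newlines
];

print_r(validateMailFields($sample));
```

Only header-bound fields are checked for line breaks; the message body is left alone because it is not placed in a header.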

The SendMail class has been updated. Please view the updates before commenting.

Download The SendMail Class
Click the link to download the SendMail class and continue reading to learn how to use it.
Download the SendMail class
Setup
Setting up the SendMail class is easy-peezie. Simply include the required SendMail variables and call the send() function to send emails:

<?php
require("inc/class.sendmail.php");

if($_POST){
    $mail = new SendMail;

    // Only accept form posts that come from these domains
    $mail->authHosts = array("domain.com");

    // Recipients
    $mail->addEmail("[email protected]","Name");
    $mail->addEmail("[email protected]","Name2");

    $mail->subject($_POST['subject']);
    $mail->body($_POST['body']);

    $mail->fromName($_POST['from_name']);
    $mail->fromEmail($_POST['from_email']);

    $result = $mail->send();

    if (!$result){
        // Show validation/sending errors as an ordered list, then stop
        if(!empty($mail->errors)) {
            $mail->displayErrors($mail->errors,'ol');
        }
        exit();
    }

    // Only report success when a form was posted and send() succeeded
    echo "Message was sent successfully";
}
?>

For further security, you may implement the authHosts variable as highlighted above. The authHosts array specifies which domains are allowed to send $_POST data. Any domain not listed that attempts to contact the script via $_POST will get a 403 (permission denied) error.
Further Configuration
If you need to specify an SMTP host, username, and password, include each variable before calling the send() function. You may also specify the charset and select whether or not HTML should be used in the email by using the respective code below:

// ...
if($_POST) {

    $mail = new SendMail;

    $mail->authHosts = array("domain.com");

    // SMTP host and credentials
    $mail->host = 'mail.domain.com';
    $mail->username = 'root';
    $mail->password = 'pass123';

    // Character set and HTML body
    $mail->charset = 'utf-8';
    $mail->bodyHtml = "HTML goes in here";

    $mail->addEmail("[email protected]","Name");
    $mail->addEmail("[email protected]","Name2");

    $mail->subject($_POST['subject']);
    $mail->body($_POST['body']);

    $mail->fromName($_POST['from_name']);
    $mail->fromEmail($_POST['from_email']);

    // Sending method
    $mail->Mailer = 'mail';

    $result = $mail->send();

    if (!$result){
        if(!empty($mail->errors)) {
            $mail->displayErrors($mail->errors,'ol');
        }
        exit();
    }
}
// ...

When displaying errors via the displayErrors() function, you may choose to use <ol> or <ul> HTML. If you’d rather receive errors as an array, use $mail->errors only.
Fini, Cowboy
If you need further explanation or would like a better understanding of the code, dig into the inc/class.sendmail.php file. The code is well-commented and should guide you nicely. If it doesn’t, comment and I’ll help you myself. For further information on PHPMailer, go to the official website.
Updates
Nov 27, 2007: The entire SendMail class has been rewritten to better perform as OOP should. The domain security is now optional. All files have been updated for downloading.
Dec 21, 2007: Select between sending with PHP mail(), SMTP, or POP using Mailer as shown above. All files have been updated for downloading. Eat it up.
Jan 15, 2008: When sending HTML mail, alternative text sends accordingly.