Recently, our development team had a discussion about the current mailer class in osCommerce, CRE Loaded Cart. The mailer class has been around for quite some time now. What its SMTP functions do not include is the ability to send messages directly over TLS or SSL for encryption. This aspect of secure ecommerce is crucial! Customer data, the middle 6 digits of credit cards, sign-ups, and order confirmations are all sent in plain text/HTML for any hacker to view if they are currently sniffing your network traffic. The EOS project has begun an aggressive effort to include secure ESMTP in their osCommerce derivative. I recommend that current osCommerce stores consider monitoring the project until it goes into production mode, or hire a programmer to secure the PHP mailer class.
Another issue, if your host has built PHP as a DSO module, is that email is sent as nobody@serverhostname.domain.com, and when a remote host performs a sender call-back verification, the email user nobody@ will be denied. So it's important to use SMTP email, but enhance it for security's sake!
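
One way a programmer could add the missing encryption, shown as an added example that is not code from osCommerce, CRE Loaded or the EOS project: upgrade the SMTP session with STARTTLS before any message content is sent, and refuse to send if the upgrade is unavailable. The function names are hypothetical, and PHP 7.4+ with the OpenSSL extension is assumed.

```php
<?php
// Added example: hypothetical helpers, not the osCommerce/CRE Loaded mailer code.

// Read one SMTP reply; "250-..." lines continue, "250 ..." ends the reply.
function smtp_read_reply($fp): array {
    $lines = [];
    do {
        $line = fgets($fp, 1024);
        if ($line === false) {
            throw new RuntimeException('SMTP connection closed unexpectedly');
        }
        $lines[] = rtrim($line, "\r\n");
    } while (isset($line[3]) && $line[3] === '-');
    return [(int) substr($line, 0, 3), $lines];
}

// Send one command and require the expected reply code.
function smtp_cmd($fp, string $cmd, int $expect): array {
    fwrite($fp, $cmd . "\r\n");
    [$code, $lines] = smtp_read_reply($fp);
    if ($code !== $expect) {
        throw new RuntimeException("Unexpected reply to $cmd: " . implode(' | ', $lines));
    }
    return $lines;
}

// Connect in clear text, then upgrade to TLS before any mail data is sent.
function smtp_open_starttls(string $host, int $port, string $helo) {
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => $host,
    ]]);
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 15,
                               STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("Connect failed: $errstr ($errno)");
    }
    [$code] = smtp_read_reply($fp);                 // server greeting
    if ($code !== 220) throw new RuntimeException('Bad SMTP greeting');
    $caps = array_map(fn($l) => strtoupper(substr($l, 4)), smtp_cmd($fp, "EHLO $helo", 250));
    // Fail closed: if STARTTLS is not offered, do not fall back to plain text.
    if (!in_array('STARTTLS', $caps, true)) {
        throw new RuntimeException('Server does not offer STARTTLS; refusing to send');
    }
    smtp_cmd($fp, 'STARTTLS', 220);
    if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        throw new RuntimeException('TLS handshake or certificate check failed');
    }
    smtp_cmd($fp, "EHLO $helo", 250);               // re-issue EHLO over TLS
    return $fp;                                     // AUTH, MAIL FROM, RCPT TO, DATA follow
}
```

Call it with your mail provider's submission host and port (port 587 is an assumption here, not something the post specifies), then continue the session with AUTH and the message. Setting MAIL FROM to a real mailbox on your domain rather than nobody@ is what lets sender call-back verification succeed.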


