Think about the following scenarios:
2) In a form where the user can specify the recipient and message, an attacker could use your form to send their own content. This attack vector is even better! Now an attacker can use you to send out their spam. They can specify the addressee, the content, and maybe even specify the "from" address. Now they can use you to send out their spam for them, and you take the fall.
Both of these scenarios can be mitigated by:
- Employees should be educated in being suspicious of content and validating it before viewing or opening.
- Encoding text in comment boxes to ensure a mail client doesn't try to interpret it as code
- Require visitors to your site to make a purchase of an item before allowing them to send a message to another user for a gift purchase. They may still try to send a malicious message, but you are now able to track who the user is including their payment information.
- If you still want to allow users to send messages from your site, at the very least require some type of valid login. Don't make this publicly accessible. People will abuse it!