Don't use mail()?

[bruder]

In school we were told not to use the mail() function for mass mailing. I didn't understand the reason why not with the looping or something like that (please explain if you know why). What other options do I have in order to mail about 5,000 users?

[Jordan]

I've read that is uses more resources and is slower but I can't find any articles about it. I know that the mail() function can be used in Email Injection hacks as well.

[CygnetGames]

It's because of "email injection attacks".
This is where someone using your website abuses your email form to send mail to whoever they want. The PHP mail() function is particularly vulnerable to this - which is why you will have been told not to use it.

It is safe to use it if you understand how injection attacks work and you know how to validate your input. At school, they probably didn't want to take the time to teach you about injection/security/validating input, and they would have to make sure that you all understood in perfectly before letting you put webpages on the internet with potentially vulnerable mail scripts in them.

If you want to send email but don't want the headache of doing the security yourself, there are some packages that will handle the security for you. Zend_Mail, Swift and Pear Mail will do this.

See this page for some more info:
Email Injection - SecurePHP

[NeedHelp]

I've never heard this and always used mail() blindly. Thanks for the info!