If you're a Movable Type user, you've probably already heard of the spam vulnerability in Movable Type's "Email this to a friend" script. Six Apart has posted a fix, of course, with a disclaimer that the fix only discourages spammers and does not prevent spamming outright. What is the vulnerability anyway, you ask? You may want to read this thread for the skinny.

What can you do? Well, you should remove mt-send-entry.cgi completely if you don't use it. I doubt too many end users actually use any of that "Email this to a friend" functionality anyway, so you probably have nothing to lose. Why do I say so? One word: usability.

  1. Your users have to be able to find the link first to use it.
  2. Your users probably are accustomed to using email or IM to send links (think ICQ's Send URL functionality).
  3. The average surfer is unlikely to be so enthusiastic as to send links to his/her friends. Of course, this assumes that your average surfer has friends.

The point? Scrap that functionality, delete that file.