ZF-12237: Illegal characters in email addresses are removed instead of refused
Description
When an email address is provided to the Zend_Mail class, it goes through the protected _filterEmail($email) function. This function silently removes illegal characters from the address instead of rejecting it. It should throw an exception when the address contains illegal characters. The following case explains why:
A visitor (John Doe) submits a contact form, but has accidentally entered his email address with a comma instead of a dot:
john,doe@example.com (instead of john.doe@example.com)
The Zend_Mail class puts this address through the _filterEmail function, which removes the comma:
johndoe@example.com
Now the email will be sent to the wrong email address.
Here's some code which replicates the problem:
require_once 'Zend/Mail.php'; // assumes the Zend library is on the include path
$mail = new Zend_Mail();
$mail->addTo('youremailaddress,@domain.com'); // this will be sent to youremailaddress@domain.com
$mail->setBodyText('Hello world');
$mail->setSubject('This should definitely throw an exception');
$mail->setFrom('myaddress@domain.com');
$mail->send();
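The two behaviours side by side, as an added PHP example that is not Zend Framework code: stripIllegalChars() is a simplified stand-in for the silent-removal behaviour this report describes (not the framework's actual _filterEmail implementation), and requireCleanEmail() is a hypothetical replacement that refuses the address instead of altering it.

```php
<?php
// Added example, not part of Zend Framework. Shows why stripping characters
// from a user-supplied address is worse than refusing the address outright.

// Simplified stand-in for the behaviour described in this report: characters
// that are not allowed in a bare address are dropped and the remainder is used.
function stripIllegalChars(string $email): string
{
    return str_replace(array("\r", "\n", "\t", '"', ',', '<', '>'), '', $email);
}

// Refusing variant: any illegal character is an error, never a silent edit,
// so a typo cannot turn into mail delivered to a different mailbox.
function requireCleanEmail(string $email): string
{
    if (preg_match('/[\r\n\t",<>]/', $email)) {
        throw new InvalidArgumentException("Illegal character in address: $email");
    }
    // Structural check on top of the character check (PHP built-in filter).
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("Malformed address: $email");
    }
    return $email;
}

$typed = 'john,doe@example.com';   // the typo from the report

// The comma is dropped and a different mailbox is addressed, with no error.
echo 'Stripped:  ', stripIllegalChars($typed), "\n";

// The refusing variant raises an exception the caller can show to the user.
try {
    requireCleanEmail($typed);
} catch (InvalidArgumentException $e) {
    echo 'Refused:   ', $e->getMessage(), "\n";
}

// A correctly typed address passes unchanged.
echo 'Accepted:  ', requireCleanEmail('john.doe@example.com'), "\n";
```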