What is considered the best practice these days to sanitize data from PHP email?
I am currently using something like this ...
$msg = $_POST['msg'];
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
$name = $_POST['name'];
$subject = "Message from the MY_WEBSITE website e-mail system";
$message = "From: " . $name . "\n";
$message .= "Email: " . $email . "\n\n";
$message .= $msg;
$headers = "From: " . $email . "\r\n" .
"Reply-To: " . $email . "\r\n" .
"X-Mailer: PHP/" . phpversion();
$mailSuccess = mail("me@example.com", $subject, $message, $headers);
Is it enough protection to just filter the email field this way? Is it possible / better to simplify the script to protect against spammers?
Thanks in advance!
[EDIT] Clarification, as the answers so far indicate that I did not explain myself very well.
Basically, I am not interested in having spambots master this script, but with someone using it to send illegal emails to any address except me@example.com. This may include a bot, but equally may be the person who won the CAPTCHA test.
PHP, , , mail(), . , , , . . [/EDIT]