Author Topic: Identity Pros And Cons (Read 3172 times)

nolit · « **on:** January 09, 2007, 07:08:25 PM »

I just noticed on making an identity, a user can actually clone an existing email to use for malicious purpose. Like he can create an identity of billing@somebank.com and set it to reply to his email. This is a crude way to fetch vital info but it actually works. So in this case, the mail server (your site) may be in any way reliable to such action.

The pros is it is really fun to play around with the identities. LOL.

What do you guysthink of this?

jpingle · « **Reply #1 on:** January 09, 2007, 08:41:49 PM »

You can do this with pretty much any mail client program in existence, so it's not a new issue.

It might be nice to have the option to lock identities to @yourdomain.com, but some people rely on the fact that they can put any e-mail in there, especially if they have multiple addresses filter into one single account.

There are also very few mail servers out there that restrict this on the SMTP level (Verizon used to, I don't know if they still do) It's also one of the things that SPF is trying to protect against.

It's one of the many fundamental flaws of SMTP...

Author Topic: Identity Pros And Cons (Read 3172 times)

nolit

Identity Pros And Cons

jpingle

Re: Identity Pros And Cons