Re: Email::Address easily spoofed

2010-01-07 Thread Karen Cravens
Hans Dieter Pearcey wrote: I mean what the OP said he was using it for: running various commands when messages are received. But that can be something as soft as (as it turned out), a mailing list response. Which was actually *my* first thought (unsurprisingly). I'm not talking about

Re: Email::Address easily spoofed

2010-01-06 Thread Hans Dieter Pearcey
Excerpts from Justin Skazat's message of Tue Jan 05 17:32:25 -0500 2010: But that can already easily be done, I can just put From: You m...@example.com in my email headers. OK - what should I do about that? What's the general wisdom to help thwart that? Use the Sender: header?

Re: Email::Address easily spoofed

2010-01-06 Thread Karen Cravens
Hans Dieter Pearcey wrote: If you are relying on From (or Sender) headers for access control, you have already lost. Almost every part of the email header and SMTP transaction can be faked by a malicious user. Depends on what you mean by access control. I can easily see where you'd want to

Re: Email::Address easily spoofed

2010-01-06 Thread Justin Skazat
On Jan 6, 2010, at 6:14 AM, Hans Dieter Pearcey wrote: If you are relying on From (or Sender) headers for access control, you have already lost. Almost every part of the email header and SMTP transaction can be faked by a malicious user. OK - my apologies for such foolish questions, but

Re: Email::Address easily spoofed

2010-01-06 Thread Hans Dieter Pearcey
Excerpts from Karen Cravens's message of Wed Jan 06 11:29:15 -0500 2010: Depends on what you mean by access control. I mean what the OP said he was using it for: running various commands when messages are received. You'd still want E::A to parse it properly, if only so you can test for If

Re: Email::Address easily spoofed

2010-01-05 Thread Casey West
On Tue, Jan 5, 2010 at 2:17 AM, Matijs van Zuijlen mat...@matijs.net wrote: As far as I can grok, having multiple From: addresses doesn't really make much sense (is it legal?) Yes, according to RFC 2822, but they must be separated by commas. Consider a letter which is written by multiple

Re: Email::Address easily spoofed

2010-01-05 Thread Justin Skazat
On Jan 5, 2010, at 12:17 AM, Matijs van Zuijlen wrote: What is the actual spoofing problem that occurs? The spoofing occurs, since the system receives mail with a From: header like this: From: m...@example.com spoofer.addr...@malicious-site.com Which looks like a From: line with a comment,

Email::Address easily spoofed

2010-01-04 Thread Justin Skazat
I'm starting to get reports from users who are saying my code that relies on Email::Address is getting spoofed. Here's a small example: #!/usr/bin/perl use strict; use Email::Address; my $from = q...@example.com spoofer.addr...@malicious-site.com}; my $from2 = q{m...@example.com