A mis-configured MTA will allow you to put whatever you want into the reply-to header.
Axton Grams

On Wed, Jun 8, 2011 at 9:11 AM, Andrew C Goodall <[email protected]> wrote:
> Any decent well-designed application will have layers of abstraction :)
> Who doesn't validate for '@' in an email field! Apparently BMC.
>
> Regards,
>
> Andrew Goodall
> Software Engineer 2 | Development Services | jcpenney . www.jcp.com
>
> -----Original Message-----
> From: Action Request System discussion list(ARSList)
> [mailto:[email protected]] On Behalf Of Axton
> Sent: Wednesday, June 08, 2011 9:05 AM
> To: [email protected]
> Subject: Re: WARNING OF BAD AS DESIGNED FEATURE IN ITSM - zero in internet
> email field for person is not good.
>
> What is 'as designed' is the ability to use a group id, group name,
> login name, or email address in the email message delivery fields.
> When a number is seen, it is interpreted as a group id.
> Unfortunately, 0 is the group id for public.
>
> Not saying it's right, but that's what it is, and the application can
> (and in my opinion, should) account for this.
>
> Seems a knob could be added to the email engine that disallowed this,
> or defined a threshold for group member count could be used to address
> this. It's not the first time this has burned someone (not
> necessarily in the ITSM world either). The notification engine may
> add a layer of abstraction on top of the email engine that discounts
> the use of this capability at the email engine layer (I don't know
> enough about it to say for sure).
>
> Take a system that has an email auto-reply set up. Send an email to
> that system with a reply-to address of 0 and guess what you would get.
>
> Axton
>
> The opinions, statements, and/or suggested courses of action expressed
> in this E-mail do not necessarily reflect those of BMC Software, Inc.
> My voluntary participation in this forum is not intended to convey a
> role as a spokesperson, liaison or public relations representative for
> BMC Software, Inc.
>
> On Wed, Jun 8, 2011 at 8:49 AM, Andrew C Goodall <[email protected]> wrote:
>> All,
>>
>> FYI - for ITSM users
>>
>> We had an issue last week in which a service desk associate created a
>> proposed people record for a vendor and entered a zero as the person's email
>> address.
>>
>> Upon creating the incident with the new person as the customer the BMC
>> workflow treated "zero" in the email field as meaning I need to email
>> EVERYBODY that has a people record!!!! For us that is over 300,000 records!
>>
>> Needless to say our executives were not very happy about this, we had opened
>> a CRITICAL issue with BMC on this because it was not as simple as deleting
>> all the relevant records from "AR System Email Messages" form since the NTE
>> functionality was shipping 100 records or so every few minutes to be
>> processed by the email engine in "AR System Email Messages".
>>
>> We needed to STOP the messages from getting processed by NTE, but BMC
>> support did not have a remedy (HA - pardon the pun), they said we just had
>> to let them process - RIDICULOUS! Furthermore we found out through this
>> issue that this is an "AS DESIGNED" feature - RIDICULOUS!
>>
>> So be warned if you don't want your service desk to accidentally email
>> everyone in the company add an active link to validate the value in the
>> email field when creating a people record.
>>
>> It is breathtaking to me why BMC would think this is a good "AS DESIGNED"
>> feature. I can understand needing that capability for use in workflow - but
>> for goodness sake only allow it on a back end hidden field e.g. a z_ field,
>> and NOT a forward facing field editable by users.
>>
>> Regards,
>>
>> Andrew Goodall
>> Software Engineer 2 | Development Services | jcpenney . www.jcp.com
>>
>> The information transmitted is intended only for the person or entity to
>> which it is addressed and may contain confidential and/or privileged
>> material. If the reader of this message is not the intended recipient,
>> you are hereby notified that your access is unauthorized, and any review,
>> dissemination, distribution or copying of this message including any
>> attachments is strictly prohibited. If you are not the intended
>> recipient, please contact the sender and delete the material from any
>> computer.
>>
>> _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_
>
> _______________________________________________________________________________
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
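Added example (not part of the original thread and not BMC code): a sketch in Python of the two guards the thread discusses, a front-end check that a user-editable email field holds an address only, and a fan-out cap applied when a delivery value is resolved to recipients. The directory data, function names, the threshold value and the resolution order after "a number is a group id" are all assumptions made for illustration.

```python
import re

# Constructed sample directory (hypothetical data, not from any real system).
GROUP_MEMBERS = {
    0: [f"user{i}@example.com" for i in range(300)],  # 0 = Public, per the thread
    42: ["oncall1@example.com", "oncall2@example.com"],
}
GROUP_NAMES = {"Public": 0, "OnCall": 42}
LOGINS = {"agoodall": "agoodall@example.com"}

# Shape check only: something@something.tld with no separators or spaces.
ADDRESS = re.compile(r"[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+")
MAX_FANOUT = 50  # assumed value for the threshold "knob" suggested in the thread


class RecipientRejected(ValueError):
    """Raised when a delivery value must not be used as given."""


def validate_user_field(value):
    """Front-end check: a user-editable email field may hold an address only,
    never a group id, group name or login name."""
    v = value.strip()
    if not ADDRESS.fullmatch(v):
        raise RecipientRejected(f"not an e-mail address: {value!r}")
    return v


def expand(token, max_fanout=MAX_FANOUT):
    """Back-end resolution of a delivery value, with a fan-out cap.
    Only 'a bare number is a group id' comes from the thread; the order of
    the remaining lookups is an assumption."""
    t = token.strip()
    if re.fullmatch(r"[0-9]+", t):
        members = GROUP_MEMBERS.get(int(t))
    elif t in GROUP_NAMES:
        members = GROUP_MEMBERS[GROUP_NAMES[t]]
    elif t in LOGINS:
        members = [LOGINS[t]]
    elif ADDRESS.fullmatch(t):
        members = [t]
    else:
        members = None
    if not members:
        raise RecipientRejected(f"unresolvable recipient: {token!r}")
    if len(members) > max_fanout:
        raise RecipientRejected(
            f"{token!r} expands to {len(members)} recipients (limit {max_fanout})")
    return members
```

With both guards in place, a "0" typed into a person's email field is refused at entry, and a "0" that reaches the delivery layer some other way (an inbound reply-to header, for instance) is stopped by the cap instead of being expanded to every member of Public.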

