I thought of another angle. What if another host on the same server were to discover your domain name? They could then use the cfmail tag to send out email using your domain, right? Well, this is probably true, but there is nothing stopping anybody, anywhere from doing that. Well, not /really/ using your domain, but spammers spoof email addresses all the time. Anybody can download a programming language, and send out emails that look like they come from whatever address they want.
So my point is, not requiring a un/pw for the cfmail tag doesn't seem to be a big issue.

> -----Original Message-----
> From: Munson, Jacob [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 13, 2006 3:55 PM
> To: CF-Talk
> Subject: RE: Is this a problem? CFMAIL with no authentication???
>
> I'm no expert on this issue, but I'll give my two cents since nobody
> else has so far.
>
> A host is worried about spam if they require username/password for
> cfmail. They don't want people using their servers to send out spam.
> However, can a spammer use the cfmail tag on their server? Only if they
> can create and execute a .cfm file (of course, they can't do that). If
> you make your email forms secure so that people can't hijack them to
> send out spam, I can't think of any reason their setup is bad. I don't
> see it as a security risk, because you are the only one that can use
> cfmail. And if some bad guy were to somehow get access to the server,
> the worst he can do with the cfmail tag is send emails without your
> permission.
>
> > -----Original Message-----
> > From: Mike Kear
> >
> > Thank you Casey.
> >
> > But I'm trying to work out:
> >
> > [A] should I worry about this setup in a shared hosting
> > environment, and
> > [B] why the CFMAIL tag works when I have no useremail and password
> > attribute, and doesn't work when I do supply valid useremail
> > and password.
> >
> > Your answer, while accurate, and interesting, doesn't answer
> > either of these questions. Does anyone know?

