Not sure about built-in functions, but thinking about your problem in
more general terms.

As we know, it's very easy to spoof the From address, and even some of the
other email headers. However, the received headers are much harder to
spoof - but not impossible. You may want to look at your clients'
'normal' emails to get a pattern you can check against.

If they use SPF Headers, you may be able to use those, as they are even
harder to spoof:
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#anchor6

However, going with either of these may make it harder for your app to
scale, as both are contingent on knowing what to check for, and coding it
in for that client.

Another alternative that may bear some fruit is creating some
authorization scheme that the users can embed in the email - kind of
like an API key for a webservice, but put in the email. Puts the onus on
the user to craft an email correctly - but may be an easy way since the
key is given to the user in advance. Though this doesn't seem to be very
secure - as it uses obscurity as its primary safety net - but used with
the From address could create a decent system.

I'm out of ideas... Anyone else have some thoughts? This thread
interests me.


 
--
Eric Marden
Sr. PHP Developer


-----Original Message-----
From: digitalus_media [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 25, 2008 12:32 PM
To: [email protected]
Subject: [fw-general] authenticating the sender when reading mail


Are there any built-in methods to authenticate the mail sender using
zend_mail?

I want to write a basecamp plugin that will enable my clients to post
messages via email.  I am going to run this service from my server.  It
is very important that people cannot spoof addresses.

-----
http://code.google.com/p/digitalus-site-manager/ Digitalus Site
Manager  |  http://forrestlyman.com Forrest Lyman
--
View this message in context:
http://www.nabble.com/authenticating-the-sender-when-reading-mail-tp16277598p16277598.html
Sent from the Zend Framework mailing list archive at Nabble.com.
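
The layered check suggested in the reply above (known From address, SPF result, and a key embedded in the mail), as an added example that is not code from the thread or from Zend Framework. It assumes the receiving MTA prepends its own Received-SPF header above anything the sender supplied; the `Post-Key:` body line, the registry and the sample messages are hypothetical and constructed.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

# Constructed registry: client address -> SHA-256 of the posting key issued to
# that client in advance. Keys are assumed to be long random strings.
KEY_HASHES = {
    "alice@client.example": hashlib.sha256(b"k3y-issued-to-alice").hexdigest(),
}

def authenticate_sender(raw_message):
    """Return the verified sender address, or None if any check fails."""
    msg = message_from_string(raw_message)

    # 1. From must be a registered client (spoofable on its own).
    sender = parseaddr(msg.get("From", ""))[1].lower()
    expected = KEY_HASHES.get(sender)
    if expected is None:
        return None

    # 2. Trust only the topmost Received-SPF header, assumed to be the one our
    #    own MTA prepends; copies further down may be sender-supplied.
    spf = msg.get_all("Received-SPF") or [""]
    if not spf[0].strip().lower().startswith("pass"):
        return None

    # 3. Find a "Post-Key: <key>" body line (hypothetical convention) and
    #    compare its hash in constant time.
    part = next((p for p in msg.walk() if p.get_content_type() == "text/plain"), None)
    body = part.get_payload(decode=True).decode("utf-8", "replace") if part is not None else ""
    for line in body.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "post-key":
            supplied = hashlib.sha256(value.strip().encode()).hexdigest()
            return sender if hmac.compare_digest(supplied, expected) else None
    return None

def sample(spf_results, key):
    """Build a constructed message with the given Received-SPF results, top first."""
    heads = "".join("Received-SPF: %s\n" % r for r in spf_results)
    return (heads + "From: Alice <alice@client.example>\nSubject: Status\n\n"
            "Post-Key: %s\nWork on the homepage is done.\n" % key)

if __name__ == "__main__":
    print(authenticate_sender(sample(["pass (constructed)"], "k3y-issued-to-alice")))
    print(authenticate_sender(sample(["fail (constructed)", "pass (forged)"], "k3y-issued-to-alice")))
```

The second call is rejected because only the first Received-SPF header counts, so a "pass" header placed lower in the message does not help a spoofed sender.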
