Billy Crook wrote:
> Further, using the 'sender' of an email to in any way identify the human that sent said email is poor design,
Sez you, smartypants.
> as the 'sender' is in no way guaranteed authentic.
NOT checking the sender means that a random number spam attack on the server will eventually start hitting some incoming email addresses.
If we check the sender, then the attacker has to know the email address of at least one user, AND do a random number spam attack. With the 80-bit values we're using, that goes to the Really Hard level pretty fast.
Maybe, instead of just allowing anyone to post to an address, you might want to allow users to define more than one email address for their account. (We should probably do this anyways.) That way, you could add both your work and your personal email address, and either one would work for posting.
-Evan

_______________________________________________
Laconica-dev mailing list
[email protected]
http://mail.laconi.ca/mailman/listinfo/laconica-dev
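
An added sketch of the check discussed in this message (not Laconica's code and not from the thread): an 80-bit secret incoming address combined with a match on the From header, with more than one registered address per account. The `Accounts` class, its method names and the sample addresses are hypothetical.

```python
import hmac
import secrets
from email.utils import parseaddr

TOKEN_BYTES = 10  # 10 bytes = 80 bits, the size mentioned in the message


def new_incoming_token() -> str:
    """Return a fresh 80-bit secret as 20 hex characters."""
    return secrets.token_hex(TOKEN_BYTES)


def normalize(addr: str) -> str:
    """Reduce a From header value to a bare, lower-cased address."""
    return parseaddr(addr)[1].strip().lower()


class Accounts:
    """Hypothetical in-memory store: user -> incoming token and sender set."""

    def __init__(self):
        self.tokens = {}   # user -> secret local part of the incoming address
        self.senders = {}  # user -> set of registered sender addresses

    def add_user(self, user, *addresses):
        """Register a user with one or more sender addresses; return the token."""
        self.tokens[user] = new_incoming_token()
        self.senders[user] = {normalize(a) for a in addresses}
        return self.tokens[user]

    def resolve(self, rcpt_local_part, from_header):
        """Return the posting user, or None unless token AND sender both match."""
        sender = normalize(from_header)
        candidate = rcpt_local_part.lower().encode()
        matched = None
        for user, token in self.tokens.items():
            # Constant-time compare, and no early exit, so response timing
            # does not help a guesser narrow down a valid token.
            token_ok = hmac.compare_digest(token.encode(), candidate)
            if token_ok and sender in self.senders[user]:
                matched = user
        return matched
```

The From header is still unauthenticated, so the sender match only narrows who can use a guessed or leaked token; the secret address carries the weight.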
