You could get all your users to add an encrypted signature to their emails 
and check that on recieipt.

At 11:35 AM 9/01/02, Bogdan Stancescu wrote:
>Hi all!
>I'm working on a free software package due to be launched on freshmeat
>some time soon (next month most probably). The program is a project
>development environment, somewhat similar to phpGroupWare but, I like to
>think, better and with less bugs.
>Due to the nature of the project I need to be able to give registered
>users the ability to upload data in the system via e-mail. This
>obviously means checking who the originator of the e-mail is, apart from
>actually processing the e-mail (which works fine).
>My problem is, how do I check that securely? I'm currently using the
>headers of the e-mail for the "from:" field and check it against the
>registered users' e-mail addresses. Works fine. But I guess that's
>pretty easy to trick.
>I basically have two concerns: one is that a person may send an e-mail
>with fake headers. The other is that a user (or non-user) on the same
>domain with another user would be able to send messages using the second
>guy's e-mail account (that's because SMTP doesn't have any security
>mechanism and one can easily impersonate somebody else once they're
>logged on a computer with SMTP permissions on the mail server).
>Did anybody run into this kind of problem? Any suggestions?
>Thanks in advance - I'll let you know when we release this thing if
>you're interested.
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to