Re: Email::Address easily spoofed

2010-01-07 Karen Cravens
Hans Dieter Pearcey wrote: I mean what the OP said he was using it for: running various commands when messages are received. But that can be something as soft as (as it turned out), a mailing list response. Which was actually *my* first thought (unsurprisingly). I'm not talking about wheth

Re: Email::Address easily spoofed

2010-01-06 Hans Dieter Pearcey
Excerpts from Karen Cravens's message of Wed Jan 06 11:29:15 -0500 2010: > Depends on what you mean by access control. I mean what the OP said he was using it for: running various commands when messages are received. > You'd still want E::A to parse it properly, if only so you can test for > "If

Re: Email::Address easily spoofed

2010-01-06 Justin Skazat
On Jan 6, 2010, at 6:14 AM, Hans Dieter Pearcey wrote: > If you are relying on From (or Sender) headers for access control, you have > already lost. Almost every part of the email header and SMTP transaction can > be faked by a malicious user. OK - my apologies for such foolish questions, but w

Re: Email::Address easily spoofed

2010-01-06 Karen Cravens
Hans Dieter Pearcey wrote: If you are relying on From (or Sender) headers for access control, you have already lost. Almost every part of the email header and SMTP transaction can be faked by a malicious user. Depends on what you mean by access control. I can easily see where you'd want to u

Re: Email::Address easily spoofed

2010-01-06 Hans Dieter Pearcey
Excerpts from Justin Skazat's message of Tue Jan 05 17:32:25 -0500 2010: > > But that can already easily be done, I can just put > > > > From: You > > > > in my email headers. > > OK - what should I do about that? What's the general wisdom to help thwart > that? Use the Sender: header? Both? S

Re: Email::Address easily spoofed

2010-01-05 Justin Skazat
On Jan 5, 2010, at 12:17 AM, Matijs van Zuijlen wrote: > What is the actual spoofing problem that occurs? The spoofing occurs, since the system receives mail with a From: header like this: From: m...@example.com Which looks like a From: line with a comment, and then the email address (in br

Re: Email::Address easily spoofed

2010-01-05 Casey West
On Tue, Jan 5, 2010 at 2:17 AM, Matijs van Zuijlen wrote: > > As far as I can grok, having multiple From: addresses doesn't really make > > much sense (is it legal?) > > Yes, according to RFC 2822, but they must be separated by commas. Consider a letter which is written by multiple people. One p

Re: Email::Address easily spoofed

2010-01-04 Matijs van Zuijlen
Hi Justin, Justin Skazat wrote: > I'm starting to get reports from users who are saying my code that relies on > Email::Address is getting spoofed. Here's a small example: > > [...] > > my $from = q...@example.com }; > > [...] > > As you can see, it just takes the phrase unquoted to trip this