Is the "unscrupulous user" on your machine, or is it a guy from
some other system?
On Wed, 5 Apr 2006, Nipun Jain wrote:
I am facing a problem of email spoofing with my webmail (running on
roundcube).
Some unscruplous person(s) using my webmail has set their reply to address
as [EMAIL PROTECTED] and / or [EMAIL PROTECTED] in their identity
and is / are using that identity to send email to other people on their
webmail account at mydomain.com. Now the recipient gets fooled by this
spoofed mail as roundcube (and maybe other web based email) displays the
sender as the spoofed email id ( i.e. [EMAIL PROTECTED] or
[EMAIL PROTECTED]) and not the actual email id used to send the
email. I myself have received a couple of such mails and was perplexed to
see to get an email from [EMAIL PROTECTED] as I am the admin, and
my email is [EMAIL PROTECTED] ([EMAIL PROTECTED] does not exist).
I tried to figure out the actual email id by reading the email headers but
it didnt show the actual email id, only showed the spoofed email id as
[EMAIL PROTECTED]
(or [EMAIL PROTECTED]).
Now is this supposed to work this way? I mean setting the reply to field to
any email address in roundcube enables one to spoof the sender's email id?
Is there any way to disable the "Reply To" field in roundcube so that users
are unable to send spoofed mails?
**************************************
Jon Daley
http://jon.limedaley.com/
Needs are a function of what other people have.
-- Jone's Principle
