On 8 Jan 2007, at 23:02, Jim Lester wrote:
So I like the ability to have multiple identities but right now its a huge security risk to have enable the way I see it. Since there is no indication in the header of the original username, and also no check to authorize the user for the address they are adding, I just can't allow my users to have that option. It wont even be a day before people start sending emails out as me and as the officers. Does anybody else share this sentiment? If so, I propose that there needs to be 1) a simple way to disable it and 2) a way to force RC to put the original identity into the headers of the outgoing message. Thanks.
It's pretty trivial to forge a from address if you are allowed to send email. Any desktop mail client will let you claim to be anyone you want. You should block this behaviour at the mail server and not in the client to be sure that it doesn't happen.
Cheers, Craig -- Craig Webster | Lead Developer | e: [EMAIL PROTECTED] Xeriom Networks | skype: craigwebster | w: http://xeriom.net/ Chat with us now: http://xeriomnetworks.campfirenow.com/ef706
