I wish to code a little service where I will be able to send an e-mail to a specific address used by my server to send specific commands to my server.
I'll check against a list of permitted e-mail addresses to make sure no one unauthorized will send a command to the server, but how do I make sure that, say, an e-mail sent by "[email protected]" really comes from "thezombie.net"?
I thought about checking the header for the original e-mail server's IP and pinging the domain to make sure it is the same, but would that be reliable?
Example:
Server receives a command from [email protected]
[email protected] is authorized, proceed with checks
Server checks "thezombie.net"'s IP from the header: W.X.Y.Z
Server pings "thezombie.net" for its IP: A.B.C.D
The IPs do not correspond, do not process command
Is there any better way to do that?
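The check described in the question, written out as an added example (not code from the original post) so its behaviour can be tested. The sample message, the addresses, the documentation-range IPs and the function names are all constructed, and it assumes the topmost Received header is the one stamped by the receiving server.

```python
import re
import socket
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: hosts, addresses and IPs are made up.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [203.0.113.7])
\tby myserver.example.net with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
Received: from laptop (unknown [198.51.100.9])
\tby mail.example.org with ESMTP; Mon, 1 Jan 2024 09:59:58 +0000
From: Admin <admin@example.org>
To: commands@myserver.example.net
Subject: restart

"""

ALLOWED = {"admin@example.org"}  # hypothetical allow list
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """IP from the topmost Received header (assumed written by our own server).
    Lower Received headers arrive with the message and are not used."""
    received = msg.get_all("Received") or []
    match = IP_IN_BRACKETS.search(received[0]) if received else None
    return match.group(1) if match else None

def dns_resolve(domain):
    """IPv4 addresses the domain name resolves to (what a ping would show)."""
    return set(socket.gethostbyname_ex(domain)[2])

def check_command_mail(raw, resolve=dns_resolve):
    """Return (accepted, reason) for a raw message, following the question's steps."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if addr not in ALLOWED:
        return False, "sender not in allow list"
    domain = addr.rpartition("@")[2]
    ip = connecting_ip(msg)
    if ip is None:
        return False, "no connecting IP in Received header"
    if ip not in resolve(domain):
        return False, f"{ip} is not an address of {domain}"
    return True, "ok"
```

The comparison only passes when the host that delivers the domain's mail has the same address the bare domain name resolves to, so mail sent through a separate outbound relay is rejected by this check even when it is genuine.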