I have a website, example.com
hosted at godaddy. I was just messing around with PHP's mail
function and uploaded the following to my website at example.com
:
mail( "[email protected]", "test", "test message", "From: [email protected]" );
Why does this work? I mean, it shouldn't, right? The "From" address domain isn't "@example.com". Yet, when I check my email at [email protected], I get the message from [email protected]... How is it that I'm able to (potentially) send an email from anyone's email account without their password?