I want to develop a system with which users interact by sending in email. Very much like most email discussion groups or like posterous.
What checks should I apply to incoming email to make sure it comes from the address it claims to be?
A:
- Make user register in your system. Take their email address and validate it.
- Now as you recieve mail check if it is registered then allow it to come else block it. just like google groups.
You can add a token like things in subject field for each user. That will be validated along with the user's mail address and this token will be user's private field generated by you so we can secure it 'some how'.
org.life.java
2010-09-20 07:45:01
Ok, but someone who sees an email from the list can just fake the "From" field.
Steven Sudit
2010-09-20 07:49:07
don't let other people know the mail address of user [hide it from public access ]and just display name of the mail sender, This will secure registered mail address from being misused.
org.life.java
2010-09-20 08:06:32
but @org, if you know that a friend of yours is a member (and you know his email) then you can fake him
flybywire
2010-09-20 08:12:47
@flybywire edited the answer.
org.life.java
2010-09-20 08:26:30