On 8 Jan 2007, at 23:02, Jim Lester wrote:
So I like the ability to have multiple identities but right now its
a huge security risk to have enable the way I see it. Since there
is no indication in the header of the original username, and also
no check to authorize the user for the address they are adding, I
just can't allow my users to have that option. It wont even be a
day before people start sending emails out as me and as the
officers. Does anybody else share this sentiment? If so, I propose
that there needs to be 1) a simple way to disable it and 2) a way
to force RC to put the original identity into the headers of the
outgoing message. Thanks.
It's pretty trivial to forge a from address if you are allowed to
send email. Any desktop mail client will let you claim to be anyone
you want. You should block this behaviour at the mail server and not
in the client to be sure that it doesn't happen.
Cheers, Craig -- Craig Webster | Lead Developer | e: craig@xeriom.net Xeriom Networks | skype: craigwebster | w: http://xeriom.net/
Chat with us now: http://xeriomnetworks.campfirenow.com/ef706