

Ask YC: How to prevent email spoofing in web app? - ca98am79

I am creating a web application that accepts submissions via email from users.  I use the From: line in the email header to pull up the user information in the database, but this can easily be spoofed.  Can anyone offer advice, links, anything, etc. for a way to fix this problem?

Thanks very much in advance.
======
olefoo
The standard way to do this is to use a randomly generated destination address
which can be reset by the user.

If you want greater security than that you could have the user include their
'secret word' in the subject line or body of the message; which will work as
long as they can reset that too.

Do not use this for anything where a single spoofed message could have dire
financial consequences.
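
The per-user random destination address described above, as an added example that is not part of the original thread. The domain `submit.example.com`, the `post-` prefix and the class name are assumptions made for illustration; the sender is identified only by the envelope recipient, and the From: header is never consulted.

```python
import hashlib
import secrets

DOMAIN = "submit.example.com"  # assumed inbound mail domain (placeholder)
PREFIX = "post-"               # assumed local-part prefix for submission addresses


class SubmissionAddresses:
    """Maps secret per-user inbound addresses to accounts."""

    def __init__(self):
        # Only a digest of each token is stored, so a leaked table does not
        # reveal working addresses (assumption: users reset rather than look up).
        self._user_by_digest = {}
        self._digest_by_user = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create or reset the user's address; any previous address stops working."""
        old = self._digest_by_user.pop(user_id, None)
        if old is not None:
            self._user_by_digest.pop(old, None)
        token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        digest = self._digest(token)
        self._user_by_digest[digest] = user_id
        self._digest_by_user[user_id] = digest
        return f"{PREFIX}{token}@{DOMAIN}"

    def resolve(self, rcpt_to):
        """Return the user_id for an envelope recipient, or None if unknown."""
        local, _, domain = rcpt_to.strip().lower().rpartition("@")
        if domain != DOMAIN or not local.startswith(PREFIX):
            return None
        return self._user_by_digest.get(self._digest(local[len(PREFIX):]))


if __name__ == "__main__":
    registry = SubmissionAddresses()
    address = registry.issue("alice")
    print("alice submits to:", address)
    print("resolved user:", registry.resolve(address))
    registry.issue("alice")  # user resets after the address leaks
    print("old address after reset:", registry.resolve(address))
```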

~~~
ca98am79
thanks - I ended up using something like this

------
noodle
a quick, simple (hopefully temporary) solution would be to have them submit
some sort of password with the email (not the same one they use to log in).

it isn't very secure, but it's a level or two of security higher than what
you're creating now without any protections.

------
adityakothadiya
i'm also interested in the solution of this question. i'm looking for more
like a posterous.com kind of email submission. no password or secret word, and
email is sent to a common email address. suggestions? pointers?

~~~
ca98am79
my friend actually just posted to my posterous blog (as me) with a simple
one-line php script

~~~
rantfoil
Would love to investigate this for you -- please contact me directly -- garry
[at] posterous.com.

Thanks!

