It's actually quite easy to fake an email address because SMTP doesn't authentic... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

edwardy20 on July 15, 2011 | parent | context | favorite | on: This is how vulnerable your Facebook Page can real...

It's actually quite easy to fake an email address because SMTP doesn't authenticate the sender. For example, I can send someone (exampleperson@example.com) an email that appears to be from 'admin@facebook.com' with one line of php code:

<?php mail('exampleperson@example.com', 'Example Subject', 'Example Message', 'From: admin@facebook.com' ); ?>

markelliot on July 15, 2011 [–]

That explains spoofing of the originating address; to generate a signed email surely you would need a set of certificates.

edwardy20 on July 15, 2011 | [–]

Oops I missed that. noonat's solution seems more likely then.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact