Bugtraq mailing list archives

autoresponder program could be tricked by spammers to send unsolicited mail to victim's address


From: <user () compulabs dhs org>
Date: Fri, 11 Jan 2002 13:51:55 +1100

Autoresponder program
http://meepzor.com/packages/autoresponder/

could be tricked by spammers into sending unsolicited mail to a victim's address if the option to reply with a copy of the original message attached to the response is enabled in the autoresponder's configuration. The program does not have any sort of restriction on the number of responses to one email address during any period of time.

In fact, if reply with copy of original message is enabled, then a spam message with From: victim's address or Reply to: victim's address sent to the autoresponding address will be delivered to the victim's mailbox, including a copy of the original spam as an attachment.


Also, it is possible to trick the autoresponder into abusing a victim's email address by sending a large number of messages to an address with the autoresponder enabled on it, since there is no limit on the number of messages delivered to a single mailbox during some period of time.

I could not get in contact with the developer of this program, although we have sent a warning to the webmaster of the web site hosting the web page of the autoresponder.

Should you require any further information, please do not hesitate to contact us at:

info () compulabs dhs org 

Kind regards. 

Alexander Moloksher. 
IT Security Consultant. 
COMPULABS 
Melbourne, Australia. 


___________________________________
COMPULABS WEB MAIL System,
http://www.compulabs.dhs.org
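
An added mitigation sketch for the two problems reported above; it is not part of the original post and not code from the autoresponder package. It assumes the MTA hands the responder the SMTP envelope sender, follows the header checks recommended in RFC 3834, and uses hypothetical names (`ReplyPolicy`, `build_reply`, `REPLY_INTERVAL`): the reply goes only to the envelope sender, carries fixed text with nothing copied from the incoming message, and is limited to one per address per interval.

```python
import time
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

REPLY_INTERVAL = 7 * 24 * 3600  # assumed policy: one reply per address per week

class ReplyPolicy:
    def __init__(self, interval=REPLY_INTERVAL):
        self.interval = interval
        self.last_reply = {}  # recipient address -> time of last auto-reply

    def decide(self, raw_message, envelope_sender, now=None):
        """Return (recipient, reason); recipient is None when no reply goes out."""
        now = time.time() if now is None else now
        msg = message_from_string(raw_message)
        # Reply to the SMTP envelope sender only; From:/Reply-To: are ignored.
        addr = parseaddr(envelope_sender)[1].lower()
        if not addr:
            return None, "null envelope sender (bounce)"
        auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
        if auto != "no":
            return None, "automatic message"
        if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
            return None, "bulk or list mail"
        last = self.last_reply.get(addr)
        if last is not None and now - last < self.interval:
            return None, "rate limited"
        self.last_reply[addr] = now
        return addr, "reply"

def build_reply(recipient, responder, raw_message):
    """Fixed-text reply: no body, subject or attachment is copied from the original."""
    original = message_from_string(raw_message)
    reply = EmailMessage()
    reply["From"] = responder
    reply["To"] = recipient
    reply["Subject"] = "Automatic reply"
    reply["Auto-Submitted"] = "auto-replied"  # lets other responders skip it
    if original.get("Message-ID"):
        reply["In-Reply-To"] = original["Message-ID"]
    reply.set_content("Your message was received. This is an automatic reply.")
    return reply

# Constructed sample: forged From:/Reply-To: headers naming a third party.
SAMPLE = ("From: victim@example.org\nReply-To: victim@example.org\n"
          "Message-ID: <1@sender.example>\nSubject: BUY NOW\n\n"
          "Unsolicited advertisement text.\n")
```

The envelope sender can itself be forged, so the fixed reply text and the per-address limit are what bound the damage: a forged address receives at most one short, content-free message per interval.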