WebApp Sec mailing list archives

Suggestion: email anti-spoof measure on web site


From: ma.huijuan () gmail com
Date: 18 Jan 2006 09:29:50 -0000

We often find web pages with the feature to freely (without authentication) send emails to anybody you specify. For 
organizations who have implemented anti-spoof measures on email servers, this opens up a loophole for spammers to send 
spoofed emails. 

Suggestion: For organizations who are concerned about spoofed email, the feature of sending emails without 
authentication should be removed on all their web sites.

I believe this should also be included in the OWASP guide. 

Does anybody have any objection to this suggestion? Do let me know, thanks.
