WebApp Sec mailing list archives
Suggestion: email anti-spoof measure on web site
From: ma.huijuan () gmail com
Date: 18 Jan 2006 09:29:50 -0000
We often find web pages with the feature to freely (without authentication) send emails to anybody you specify. For organizations who have implemented anti-spoof measures on email servers, this opens up a loophole for spammers to send spoofed emails.

Suggestion: For organizations who are concerned about spoofed email, the feature of sending emails without authentication should be removed on all their web sites. I believe this should also be included in the OWASP guide.

Does anybody have any objection to this suggestion? Do let me know, thanks.
Current thread:
- Suggestion: email anti-spoof measure on web site ma . huijuan (Jan 18)
- <Possible follow-ups>
- Re: Suggestion: email anti-spoof measure on web site mike (Jan 19)
- Re: Suggestion: email anti-spoof measure on web site Georgi Alexandrov (Jan 23)
- Re: Re: Suggestion: email anti-spoof measure on web site ma . huijuan (Jan 19)
- Re: Re: Re: Suggestion: email anti-spoof measure on web site mike (Jan 20)