Prevent someone from sending unauthorized mail

[patrickdobler]

Hi,

It is a very nice function to assemble the email address and appear in any address as "from" ([email protected]) . However, this also contains a security risk. If someone know that your domain is registered within Anonaddy, he can use it and send mails under any name with your domain.

I did two test from my gmail account which is not my recipients mail.

Test1:
From: [email protected]
To: [email protected]

Test2:
From: [email protected]
To: [email protected]

Unfortunately, both tests worked successfully. Even the alias ([email protected] and [email protected]) did not exist and were created when it was used for the first time.

I don't know the best way for solving this but here is one idea:

1. generate some characters and add it to the reply-to address (ie: [email protected]), or make the whole reply-to address cryptic.
2. if you don't have a reply-to address with some random characters, use a self created secret key/name in options (ie: [email protected])

Regards
Patrick

[willbrowningme]

Hi Patrick,

If [email protected] is not listed as a verified recipient on your AnonAddy account then the emails will have been forwarded to you and not sent to [email protected], please can you check that this is the case.

Also the reason those alias were created even though they did not exist is because your username subdomain and custom domain must both have the catch-all functionality enabled, this is by design so that users can send an email from an alias and have it automatically appear in their dashboard.

There are additional checks when you attempt to send from an alias or reply using one - https://anonaddy.com/faq/#im-trying-to-reply-send-from-an-alias-but-it-is-rejected-whats-wrong

[patrickdobler]

Hey

Omg, you are right. I'm so lost in this alias-mail-jungle. Sorry to bother you.
I'm really looking forward for the "rules function".

Good work!