Yes, this is a problem (General)

by erikp, Friday, March 07, 2008, 21:12 (5865 days ago) @ Bert
edited by erikp, Friday, March 07, 2008, 21:18

Doesn't anyone find it the least worrying that you can use my little forum to send mail to just about anyone in the world?


I have to agree, it would be better to show the email link only to people who are registered and logged in (similar to the user area).

People who do not want to register should not have the feature to address anybody through the forum...

Bert

I think that no email should be sent to the "sender e-mail" adress, or that the *only* possibility should be to send it to the adress specified when registering.

Since the mail is sent to the "Sender e-mail" as well, and you can put any email address there, you can send email to anyone, not just the persons registered in the forum. Thus you can send an email to anyone!!! It would not be hard to construct a post request to the server which could be sent many times to do mass mailing! As I understand it, it would not be hard to use many my little forum installs as a means to transmit unsolicited bulk mail.

Many installs lets anyone register and the registering is automatic. A spammer could use this and register, and then use the email function to email anyone by using the contact form.

/erikp

locked
4122 views

Complete thread:

 RSS Feed of thread