Sec prob? allowing users to specify sender when sending mail (General)
Hello!
I'm using the latest beta version of my little forum [2.0 beta 25 (2008-02-27)]!
Is there any way NOT to allow users to specify sender e-mail address when sending an email, or NOT to send a message to the sender e-mail address the user specifies, or to restrict the number of emails a user can send per unit time?
(But at the same time allow email messages)
Allowing a user to specify a sender address as well as sending a copy of the message to the sender address makes the system more or less a public mailing system - just specify any sender address and a "copy" of your message will be sent there!
This is not a nice default behaviour, since it is not obvious that this makes the system more or less a public mailing system. Removing the possibility to specify a sender address, and always use the address the user specified when logging in, makes it a little harder to use this "feature", but the best thing would, ofcourse, be to not send any message to the sender e-mail address.
Any comments?
Regards,
Erik Persson.