I am working on a project and I have to send mails. I noticed that it was possible to set "From" to any email address without any kind of authentication (like a password). Why is that possible, and is this not a lack of security?

Sending a mail from my private domain as the "Sender" was possible and this mail was not marked as spam by the client.

Is it possible to prevent sending mails from the domain?

Doğan Uçar
  • `mail` is just a frontend to the MTA (sendmail). That's where any checking/rewriting occurs - if configured. And SMTP by itself does not enforce any authorization. Receiving mail servers do. – mario Jun 15 '16 at 00:13
  • Possible duplicate of [What's the difference between Sender, From and Return-Path?](http://stackoverflow.com/q/4367358) – mario Jun 15 '16 at 00:16
  • Possible duplicate of [What's the difference between Sender, From and Return-Path?](http://stackoverflow.com/questions/4367358/whats-the-difference-between-sender-from-and-return-path) – Tim Malone Jun 15 '16 at 02:15

1 Answer

Yes, email headers can be @microsoft.com for example, but Microsoft must have an SPF record on it, to indicate that your server is authorized to send messages with their domain. So, if you don't have authorization, it will be marked as spam by most email clients or you will be advised that the message is fake.

sloaxleak