
Authenticate email address?

Posted: Sun Dec 28, 2008 4:13 pm
by The_Anomaly
Hey guys,

This seems so terribly easy, I feel ashamed to bring it to the forum. However, I was wondering what the best way of doing this would be.

In my current project, which is basically an intranet for a company, users can send email to an address with a certain note they'd like to submit. Every time someone goes to the admin page, these emails are all parsed and inserted into the database. However, I only want two email addresses to be allowed.

Here's my problem. So, I could easily create an array of these emails and then use in_array() or something similar. The problem with this is that the "From" field is often formatted in the following manner: "Joe Bloggs <joebloggs@mail.com>". So, checking against a list that contains joeblogs@mail.com would not work.

So, why not use some string search function like strstr()? Since the name in the from field is user defined, I could easily see a cracker using the following email address to get past this security measure: "joeblogs@mail.com <imahacker@twistedmorons.com>". This would easily pass the strstr command.

So, I'm stuck. Basically, is there any secure way to authenticate an email address?

Re: Authenticate email address?

Posted: Sun Dec 28, 2008 10:21 pm
by cptnwinky
You could use a regular expression (albeit a complicated one) to match and check either form of email address. Alternatively, if I understand you correctly, you could just create a dropdown box with only the two emails you will allow as choices.

Re: Authenticate email address?

Posted: Sun Dec 28, 2008 10:34 pm
by novice4eva
I bet there is one for the email too... but this was a very interesting topic by matthijs about using filters:
viewtopic.php?f=34&t=92052&p=503956#p503956

Re: Authenticate email address?

Posted: Sun Dec 28, 2008 10:43 pm
by Ambush Commander
The trouble is that even the From header can be spoofed, so it really can't be trusted.
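
An added example, not code from any poster in this thread: one way to compare only the address part of a From header against an exact allow-list, so that a display name containing an allowed address does not match. The allow-list values and function names are assumptions, and as the last post notes, the header itself is still supplied by the sender.

```php
<?php
// Added example. ALLOWED_SENDERS and both function names are hypothetical.
const ALLOWED_SENDERS = ['joebloggs@mail.com', 'boss@mail.com']; // constructed values

/**
 * Return the bare address from a From header value, or null if the header
 * does not contain exactly one syntactically valid address.
 */
function extractFromAddress(string $from): ?string
{
    // Drop quoted display names and (comments): the sender controls their
    // contents, so they must never be mistaken for the address.
    $stripped = preg_replace('/"(?:[^"\\\\]|\\\\.)*"|\([^()]*\)/', '', $from);
    if ($stripped === null || strpos($stripped, ',') !== false) {
        return null;                  // regex failure or more than one mailbox
    }
    if (preg_match('/^[^<>]*<([^<>]*)>\s*$/', $stripped, $m)) {
        $addr = trim($m[1]);          // "Name <addr>" form: keep only <addr>
    } elseif (strpbrk($stripped, '<>') === false) {
        $addr = trim($stripped);      // bare "addr" form
    } else {
        return null;                  // unbalanced or repeated angle brackets
    }
    $addr = filter_var($addr, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : strtolower($addr);
}

function isAllowedSender(string $from): bool
{
    $addr = extractFromAddress($from);
    // Exact, strict comparison instead of a substring search like strstr().
    return $addr !== null && in_array($addr, ALLOWED_SENDERS, true);
}

// Constructed sample headers, including the display-name trick from the first post.
$samples = [
    'Joe Bloggs <joebloggs@mail.com>',
    'joebloggs@mail.com',
    'joebloggs@mail.com <imahacker@twistedmorons.com>',
    '"joebloggs@mail.com" <imahacker@twistedmorons.com>',
    'joebloggs@mail.com, imahacker@twistedmorons.com',
];
foreach ($samples as $from) {
    printf("%-55s %s\n", $from, isAllowedSender($from) ? 'accept' : 'reject');
}
```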