Authenticate email address?
Posted: Sun Dec 28, 2008 4:13 pm
Hey guys,
This seems so terribly easy, I feel ashamed to bring it to the forum. However, I was wondering what the best way of doing this would be.
In my current project, which is basically an intranet for a company, users can send email to an address with a certain note they'd like to submit. Every time someone goes to the admin page, these emails are all parsed and inserted into the database. However, I only want two email addresses to be allowed.
Here's my problem. So, I could easily create an array of these emails and then use in_array() or something similar. The problem with this is that the "From" field is often formatted in the following manner: "Joe Bloggs <joebloggs@mail.com>". So, checking against a list that contains joeblogs@mail.com would not work.
So, why not use some string search function like strstr()? Since the name in the from field is user defined, I could easily see a cracker using the following email address to get past this security measure: "joeblogs@mail.com <imahacker@twistedmorons.com>". This would easily pass the strstr command.
So, I'm stuck. Basically, is there any secure way to authenticate an email address?
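Added example, not part of the original post: one way to handle the parsing problem described above is to extract the single address from the "From" value and compare it exactly against the allowlist, failing closed on anything ambiguous. The function names, the second allowlist entry and the sample header values are constructed for illustration.

```php
<?php
// Constructed allowlist: exact, lower-cased addresses only.
const ALLOWED_SENDERS = ['joebloggs@mail.com', 'janedoe@mail.com'];

/**
 * Return the one address carried by a From header value, lower-cased,
 * or null if the value is not in one of the two accepted shapes.
 */
function extractFromAddress(string $from): ?string
{
    $from = trim($from);
    // Fail closed on embedded line breaks (folded or injected headers).
    if (preg_match('/[\r\n]/', $from)) {
        return null;
    }
    if (preg_match('/^[^<>]*<([^<>\s]+)>$/', $from, $m)) {
        // Shape 1: optional display name, then exactly one <address> at the end.
        $addr = $m[1];
    } elseif (strpbrk($from, '<>",;() ') === false) {
        // Shape 2: a bare address with no display name, list or comment syntax.
        $addr = $from;
    } else {
        return null;
    }
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return strtolower($addr);
}

function isAllowedSender(string $from): bool
{
    $addr = extractFromAddress($from);
    // Strict in_array(): whole-string match, never a substring search.
    return $addr !== null && in_array($addr, ALLOWED_SENDERS, true);
}

// Constructed sample From values, including the display-name trick from the post.
$samples = [
    'Joe Bloggs <joebloggs@mail.com>',
    'joebloggs@mail.com',
    'joebloggs@mail.com <imahacker@twistedmorons.com>',
    'Joe <joebloggs@mail.com>, <imahacker@twistedmorons.com>',
];
foreach ($samples as $s) {
    printf("%-58s %s\n", $s, isAllowedSender($s) ? 'accept' : 'reject');
}
```

This covers only the parsing problem. The "From" header is set by the sender, so an exact match shows which address the message claims, not who actually sent it.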