I'm hoping you can clear up something for me.
I was trying to find a way for my users to send an email to a unique email address and then use PHP to collect the mail and save the message into a database. I know I'm using PHPs IMAP functions to collect the mail but I was wondering if this would be a safe way to create a unique email address for every user, there could be potentially hundreds or thousands of accounts...
Setup a 'catch all' to forward all emails to single mailbox - lets say
[email protected].
Give users a unqiue email for each user e.g.
[email protected] (not a real email address)
Use PHP imap functions to connect to
[email protected]
So far we have EVERY email sent to any email address at @example.com
We check the 'to' header to see which mailbox the email was sent
We check the 'from' header to see if the sending user is authorised to send mail to this mail account
Store the message in the database
I know the headers of the email can be spoofed, especially the 'from' header, which is why I will encourage my users to not share their unique email address with anyone. Other than that though, are they any potential draw backs to this method, or security risks or anything I should take into consideration? If so are there any better methods I should use?
Hope I've provided enough information, but please let me know if I haven't been clear
Thanks in advance
