Jump to content

Recommended Posts

I'm hoping you can clear up something for me.


I was trying to find a way for my users to send an email to a unique email address and then use PHP to collect the mail and save the message into a database. I know I'm using PHPs IMAP functions to collect the mail but I was wondering if this would be a safe way to create a unique email address for every user, there could be potentially hundreds or thousands of accounts...


  1. Setup a 'catch all' to forward all emails to single mailbox - lets say mailbox@example.com.
  2. Give users a unqiue email for each user e.g. mb1234@example.com (not a real email address)
  3. Use PHP imap functions to connect to mailbox@example.com

So far we have EVERY email sent to any email address at @example.com


  1. We check the 'to' header to see which mailbox the email was sent
  2. We check the 'from' header to see if the sending user is authorised to send mail to this mail account
  3. Store the message in the database

I know the headers of the email can be spoofed, especially the 'from' header, which is why I will encourage my users to not share their unique email address with anyone. Other than that though, are they any potential draw backs to this method, or security risks or anything I should take into consideration? If so are there any better methods I should use?


Hope I've provided enough information, but please let me know if I haven't been clear :)


Thanks in advance


Edited by leeprice89
Link to comment
https://forums.phpfreaks.com/topic/296183-collecting-mail-from-mailbox/
Share on other sites

further risks?

 

 

I will encourage my users to not share their unique email address with anyone
That.  or more specifically

 

my users
When you take controlls away from yourself and give them to lesser mortals then brown material hits rotating blades with startling regularity.

 

Plus, multiply hunderes of thousands of mailboxes, by even just tens of emails a day and then think of how much storage your catch-all address is going to need to operate for 12 months.  There is also the fact that every email is held in said catch all, so if it get's hacked....yeah just think about it.

 

Why not tell us what it is you're trying to acomplish with this and we'll see if there isn't something better that could be done.

Why not use php to handle the form input and generate the email instead of letting the users supply the 'to' address? Your script can do all the validation necessary and then it can send the email to whatever address you want it to go to - already verified.

Why not tell us what it is you're trying to acomplish with this and we'll see if there isn't something better that could be done.

 

I second that. What you are doing seems to be overly complicated - there is more than likely a simpler solution

 

It appears you are wanting only "approved" users to submit to this process. But, I see no reason for unique email addresses for users to send to. You already verify the sender of the email address, I would think that would suffice.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.