leeprice89 Posted May 10, 2015 Share Posted May 10, 2015 (edited) I'm hoping you can clear up something for me. I was trying to find a way for my users to send an email to a unique email address and then use PHP to collect the mail and save the message into a database. I know I'm using PHPs IMAP functions to collect the mail but I was wondering if this would be a safe way to create a unique email address for every user, there could be potentially hundreds or thousands of accounts... Setup a 'catch all' to forward all emails to single mailbox - lets say mailbox@example.com. Give users a unqiue email for each user e.g. mb1234@example.com (not a real email address) Use PHP imap functions to connect to mailbox@example.com So far we have EVERY email sent to any email address at @example.com We check the 'to' header to see which mailbox the email was sent We check the 'from' header to see if the sending user is authorised to send mail to this mail account Store the message in the database I know the headers of the email can be spoofed, especially the 'from' header, which is why I will encourage my users to not share their unique email address with anyone. Other than that though, are they any potential draw backs to this method, or security risks or anything I should take into consideration? If so are there any better methods I should use? Hope I've provided enough information, but please let me know if I haven't been clear Thanks in advance Edited May 10, 2015 by leeprice89 Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted May 11, 2015 Share Posted May 11, 2015 further risks? I will encourage my users to not share their unique email address with anyoneThat. or more specifically my users When you take controlls away from yourself and give them to lesser mortals then brown material hits rotating blades with startling regularity. Plus, multiply hunderes of thousands of mailboxes, by even just tens of emails a day and then think of how much storage your catch-all address is going to need to operate for 12 months. There is also the fact that every email is held in said catch all, so if it get's hacked....yeah just think about it. Why not tell us what it is you're trying to acomplish with this and we'll see if there isn't something better that could be done. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted May 11, 2015 Share Posted May 11, 2015 Why not use php to handle the form input and generate the email instead of letting the users supply the 'to' address? Your script can do all the validation necessary and then it can send the email to whatever address you want it to go to - already verified. Quote Link to comment Share on other sites More sharing options...
Psycho Posted May 11, 2015 Share Posted May 11, 2015 Why not tell us what it is you're trying to acomplish with this and we'll see if there isn't something better that could be done. I second that. What you are doing seems to be overly complicated - there is more than likely a simpler solution It appears you are wanting only "approved" users to submit to this process. But, I see no reason for unique email addresses for users to send to. You already verify the sender of the email address, I would think that would suffice. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.