Authenticating incoming email sender

I want to develop a system with which users interact by sending in email. Very much like most email discussion groups or like Posterous.

What checks should I apply to incoming email to make sure it comes from the address it claims to be?

There is no method of authenticating email in a reliable, universally available and easy to use fashion.

The best way of handling this is probably by giving your users a unique, hard to guess email address to send their emails to (something like 459f71b01809458adfe17a7d838dcb19@postbymail.yourdomain.com ). You authenticate them based on the assumption that they're the only ones who know that address. When you do this, you also need to add a way for users to invalidate the address and generate a new one (in case it was compromised). And don't forget to make it easy for them to get the address in places where they can't easily copy & paste it, like on a mobile phone (easiest done by adding a button that sends them an email with the generated address as sender).
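
The scheme from the answer above as an added Python example (not part of the original answer): it issues a random per-user address, resolves an incoming recipient to a user, and invalidates the old address on regeneration. The in-memory store and the names `PostByMailAddresses`, `issue` and `resolve` are assumptions, and keeping only a SHA-256 digest of the token is a choice of this example.

```python
import hashlib
import secrets
from email.utils import parseaddr

DOMAIN = "postbymail.yourdomain.com"  # placeholder domain used in the answer


class PostByMailAddresses:
    """Maps secret per-user inbound addresses to user ids (in-memory, assumed store)."""

    def __init__(self):
        self._by_digest = {}  # sha256(token) -> user_id
        self._current = {}    # user_id -> sha256(token) of the live address

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table holds no usable address.
        return hashlib.sha256(token.encode("ascii", "replace")).hexdigest()

    def issue(self, user_id):
        """Create or regenerate the user's address; the previous one stops working."""
        old = self._current.pop(user_id, None)
        if old is not None:
            del self._by_digest[old]
        token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG, 32 hex chars
        digest = self._digest(token)
        self._by_digest[digest] = user_id
        self._current[user_id] = digest
        return f"{token}@{DOMAIN}"

    def resolve(self, recipient):
        """Return the user id for the address a message was delivered to, else None."""
        _, addr = parseaddr(recipient)
        local, sep, domain = addr.rpartition("@")
        if not sep or domain.lower() != DOMAIN:
            return None
        return self._by_digest.get(self._digest(local.lower()))
```

Pass `resolve` the recipient the mail server actually accepted the message for; a `None` result means the message is rejected or dropped rather than attributed to anyone.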
