Sending e-mail from any address

    I noticed an error, a feature, the possibility (as not to call it) of sending an e-mail from any address when I wrote a regular php script to send an application from my website to the mail of my domain. Everything is implemented using the usual mail function, in which among the parameters there is the item “From”. Initially, I thought that there should only be my e-mail address, which should have been configured on the server in advance, but in fact it turned out to be completely different.

    How did it happen

    So, we need to send e-mail with absolutely any (as existing or not) addresses:

    1. Its domain and hosting
    I bought a regular hosting and domain registrar .

    2. Mail on the domain
    A regular mailbox was created (for example,

    3. Php-script
    The script uses the usual function mail, the parameters of the sender indicate any
    e-mail address.

    4. Redirection server It is
    also easily configured in the hosting control panel. In this case, the rule was set to send mail from to my personal box.

    What is the result?

    Sometimes these letters fall into the spam folder (but this can all be easily corrected by digging through the mail settings on the domain), but in any case they reach. For example, I sent myself a letter from the address

    Of course, not everything is so smooth.

    By pressing the buttons, you can see to whom the letter was originally sent, from which server it came, and so on. Even next to the sender's address there is an icon warning of something bad (crossed yellow lock), but what is the probability that an ordinary user will notice it? Moreover, the user's avatar (if the address exists and it is set) is loaded without any problems.

    Why it works and what to do with it is no longer my business. But this opportunity seems very dangerous, with the help of it you can mislead a huge number of people.

    Also popular now: