[wp-trac] [WordPress Trac] #25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
WordPress Trac
noreply at wordpress.org
Fri May 5 20:48:51 UTC 2017
#25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
-------------------------------------------------+-------------------------
Reporter: layotte | Owner: SergeyBiryukov
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: Future Release
Component: Mail | Version: 3.8
Severity: normal | Resolution:
Keywords: has-patch dev-feedback needs-testing | Focuses:
-------------------------------------------------+-------------------------
Comment (by Ipstenu):
The point @tsimmons brings up, about emails like password resets that
shouldn't come from the admin, actually touches back on why this is
considered a security issue. Admins shouldn't get the bounced email with
the link to password reset.
In addition, some servers block emails sent FROM anyone but the domain WP
is installed on. So your personal email of foobardancingfox at gmail.com
wouldn't get the messages :( Oh and let's not think about the spoofing of
emailing from gmail while actually not being from gmail. Fast track to
being blacklisted :(
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25239#comment:69>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform