[wp-trac] [WordPress Trac] #25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
WordPress Trac
noreply at wordpress.org
Fri May 5 21:23:30 UTC 2017
#25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
-------------------------------------------------+-------------------------
 Reporter:  layotte                              |       Owner:  SergeyBiryukov
     Type:  defect (bug)                         |      Status:  reviewing
 Priority:  normal                               |   Milestone:  Future Release
Component:  Mail                                 |     Version:  3.8
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch dev-feedback needs-testing |     Focuses:
-------------------------------------------------+-------------------------

Comment (by cloudstek):
Replying to [comment:71 Ipstenu]:
> I don't know why we aren't consistent about email-fromness. I thought
> that we were fairly consistent in that if it's a message from the system
> (updates, password links etc) they came from wordpress@ across the board.
> A quick look at ms-functions and it appears emails that should have a
> 'contact' back (like 'you've got a new blog!' on multisite), where there's
> a reasonable expectation to know who mom is, are sent from the network
> admin.
>
> > Also, it can't be dangerous for the site admin to see password reset
> > requests, can it? He can already reset as many passwords as he likes,
> > and/or set up a wordpress@ email address to the replies anyway (or may
> > already have a catch-all).
>
> It's a higher risk. Remember, risk isn't a 1/0 switch. There are
> gradients. Most people don't make a wordpress@ email, or even a catch-all.
> But also most people don't use 2FA or good passwords on their email (see
> Google and Yahoo). It's possible for someone to snipe emails and get your
> passwords/resets without raising a red flag like "Hey, I (the admin)
> didn't ask to rent my password..."
>
> In short, it's not dangerous for the admin to have your password. It's
> dangerous for the uneducated and non-security conscious admin to
> clear-text read your bounced messages in a coffee shop :/ (Plus I bet the
> bounces would confuse a lot of people...)
>
> Email's not very secure, is basically my point :) Or rather, people
> USING email aren't very secure in general, so if using a generic
> wordpress@ will protect more people at minimal cost, then we probably
> should do that.
>
> I do find it interesting we have
> `$admin_email = 'support@' . $_SERVER['SERVER_NAME'];` in there as a
> fallback if there's no admin.

One reason to send email from the admin user instead of a non-existing
wordpress@ email is that it will likely fail sender verification when it's
enabled on the receiving server and thus be rejected and not delivered.

Also, to prevent people from replying to it, you can set the Reply-To header
to noreply@ or, if you like, wordpress@. Though I find it more likely people
won't create a noreply@ address than a wordpress@ address. Therefore I'd
prefer the use of noreply@ as it makes clear you're not supposed to reply.
We wouldn't need wordpress@ for aesthetic purposes as the Reply-To field
is likely to be hidden by default in most email clients.

Preventing bounces is a little harder, but according to Wikipedia there are
a number of headers that can be sent in order to direct bounce emails to a
specific (non-existing) address:
https://en.wikipedia.org/wiki/Bounce_address.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25239#comment:72>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
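
The addressing scheme discussed in the comment above, as an added example that is not part of the ticket, its patches or WordPress core: From is the admin mailbox, Reply-To is noreply@, the bounce address is kept separate from both, and the host is taken from the configured site URL rather than `$_SERVER['SERVER_NAME']`. The function names and the sample URL and addresses are assumptions made for illustration.

```php
<?php
// Added example; function names and sample values are hypothetical, not WordPress core.

/** Mail host taken from the configured site URL, never from $_SERVER['SERVER_NAME']. */
function mail_host_from_site_url(string $siteUrl): string
{
    $host = parse_url($siteUrl, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        throw new InvalidArgumentException('Site URL has no host part');
    }
    $host = strtolower($host);
    if (strpos($host, 'www.') === 0) {
        $host = substr($host, 4); // www.example.org -> example.org
    }
    // Accept only dot-separated DNS labels, so nothing else can reach a mail header.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/\A' . $label . '(?:\.' . $label . ')+\z/', $host)) {
        throw new InvalidArgumentException('Host is not a plain DNS name');
    }
    return $host;
}

/**
 * The three addresses the comment tells apart.
 * $envelopeSender is the bounce address (SMTP MAIL FROM); it is handed to the
 * mail transport separately and is not a header line written by this code.
 */
function system_mail_addresses(string $siteUrl, string $adminEmail, string $envelopeSender): array
{
    foreach ([$adminEmail, $envelopeSender] as $address) {
        // FILTER_VALIDATE_EMAIL also rejects line breaks, so no extra header can be smuggled in.
        if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('Not a valid mailbox address');
        }
    }
    return [
        'headers' => [
            'From: ' . $adminEmail,                                   // an existing mailbox
            'Reply-To: noreply@' . mail_host_from_site_url($siteUrl), // replies discouraged
        ],
        'envelope_sender' => $envelopeSender,
    ];
}

// Constructed sample values.
print_r(system_mail_addresses('https://www.example.org/blog', 'admin@example.org', 'bounces@example.org'));
```

The bounce address is returned on its own because it is set on the SMTP envelope, not in the message headers.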