Send to Friend: Impersonation!

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket

Tagged: impersonation, send to friend

Author

Posts
February 11, 2016 at 7:45 pm #120962

adyp
Expired Member

Post count: 496

I have just managed to email a listing recommendation though ‘Send to Friend’ pretending to be someone else – apparently from their email address! (no harm done, I pretended to be my partner and sent it to one of my own email addresses). The ‘Send to Friend’ box lets you specify a ‘from email address’ and a ‘from name’ – whether logged in or not. Clearly this is open to serious abuse!!!

Maybe it should be set up to only allow ‘Send to Friend’ using the registered email account as the ‘from’ address?

February 11, 2016 at 7:50 pm #120994

Paolo
Site Admin

Post count: 31206

Hi Adrian,

I really don’t see this as a problem and nobody else ever brought this up.

In that case all contact forms where one can specify the email address would be open for abuses.

I don’t see any opportunity for “SERIOUS” abuses to be honest.

Thanks

February 11, 2016 at 8:07 pm #121037

adyp
Expired Member

Post count: 496

But surely you cant choose who the email goes to in contact forms (not in any I have come across in any case).

As set up, anyone could send any type of email to anyone else pretending to be someone else. OK, I was thinking about a scenario where listing owners could send emails to newspaper/magazine food critics recommending their own restaurants from addresses supposedly belonging to celebrity chefs, but thinking about it any kind of malicious email could be sent to anyone, pretending to be from someone else (the equivalent of cheated-on partner taking the scissors to the wardrobe!)

Maybe I’m being to cynical about human nature!
Author

Posts

Viewing 3 posts - 1 through 3 (of 3 total)

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket

How to open a new support ticket

Support Policy

Support Forum Search