[wp-trac] [WordPress Trac] #25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
WordPress Trac
noreply at wordpress.org
Fri May 5 21:07:51 UTC 2017
#25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
-------------------------------------------------+-------------------------
Reporter: layotte | Owner:
Type: defect (bug) | SergeyBiryukov
Priority: normal | Status: reviewing
Component: Mail | Milestone: Future
Severity: normal | Release
Keywords: has-patch dev-feedback needs- | Version: 3.8
testing | Resolution:
| Focuses:
-------------------------------------------------+-------------------------
Comment (by Ipstenu):
I don't know why we aren't consistent about email-fromness. I thought that
we were fairly consistent in that if it's a message from the system
(updates, password links etc) they came from wordpress@ across the board.
A quick look at ms-functions and it appears emails that should have a
'contact' back (like 'you've got a new blog!' on multisite), where there's
a reasonable expectation to know who mom is are sent from the network
admin.
> Also, it can't be dangerous for the site admin see password reset
requests, can it? He can already reset as many passwords as he likes,
and/or set up a wordpress@ email address to the replies anyway (or may
already have a catch-all).
It's a higher risk. Remember, risk isn't a 1/0 switch. There are
gradients. Most people don't make a wordpress@ email, or even a catch-all.
But also most people don't use 2FA or good passwords on their email (see
Google and Yahoo). It's possible for someone to snipe emails and get your
passwords/resets without raising a red flag like "Hey, I (the admin)
didn't ask to rent my password..."
In short, it's not dangerous for the admin to have your password. It's
dangerous for the uneducated and non-security conscious admin to clear-
text read your bounced messages in a coffee shop :/ (Plus I bet the
bounces would confuse a lot of people...)
Email's not very secure, is basically my point :) Or rather, people USING
email aren't very secure in general, so if using a generic wordpress@ will
protect more people at minimal cost, then we probably should do that.
I do find it interesting we have `$admin_email = 'support@' .
$_SERVER['SERVER_NAME'];` in there as a fallback if there's no admin.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25239#comment:71>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list