[wp-trac] [WordPress Trac] #25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names

WordPress Trac noreply at wordpress.org
Fri May 5 21:07:51 UTC 2017


#25239: $_SERVER['SERVER_NAME'] not a reliable when generating email host names
-------------------------------------------------+-------------------------
   Reporter:  layotte
      Owner:  SergeyBiryukov
       Type:  defect (bug)
     Status:  reviewing
   Priority:  normal
  Milestone:  Future Release
  Component:  Mail
    Version:  3.8
   Severity:  normal
 Resolution:
   Keywords:  has-patch dev-feedback needs-testing
    Focuses:
-------------------------------------------------+-------------------------

Comment (by Ipstenu):

 I don't know why we aren't consistent about email-fromness. I thought that
 we were fairly consistent in that if it's a message from the system
 (updates, password links etc) they came from wordpress@ across the board.
 A quick look at ms-functions and it appears emails that should have a
 'contact' back (like 'you've got a new blog!' on multisite), where there's
 a reasonable expectation to know who mom is, are sent from the network
 admin.

 > Also, it can't be dangerous for the site admin to see password reset
 > requests, can it? He can already reset as many passwords as he likes,
 > and/or set up a wordpress@ email address to the replies anyway (or may
 > already have a catch-all).

 It's a higher risk. Remember, risk isn't a 1/0 switch. There are
 gradients. Most people don't make a wordpress@ email, or even a catch-all.
 But also most people don't use 2FA or good passwords on their email (see
 Google and Yahoo). It's possible for someone to snipe emails and get your
 passwords/resets without raising a red flag like "Hey, I (the admin)
 didn't ask to reset my password..."

 In short, it's not dangerous for the admin to have your password. It's
 dangerous for the uneducated and non-security conscious admin to clear-
 text read your bounced messages in a coffee shop :/ (Plus I bet the
 bounces would confuse a lot of people...)

 Email's not very secure, is basically my point :) Or rather, people USING
 email aren't very secure in general, so if using a generic wordpress@ will
 protect more people at minimal cost, then we probably should do that.

 I do find it interesting we have `$admin_email = 'support@' .
 $_SERVER['SERVER_NAME'];` in there as a fallback if there's no admin.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25239#comment:71>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

