Quote:
Originally Posted by GrumpyDave
Be careful you don't wind up with a SPAM remailer here. We don't want spammers sending us action items to buy fake Rolex's or worse. After all, once it's an action item in OF it HAS to be done, right? :)
|
Well, the email service doesn't actually add it to your OmniFocus database, it just makes it easy for you to add it yourself. If someone sends you some Rolex spam, I hope you won't tap on the "Send to OmniFocus" link.
But you do bring up a good topic…
Quote:
|
In fact this comment still applies even without the reply-to field since spammers can forge the from address. Not sure how you're going to protect this service.
|
Yes, I'm concerned about abuse too: that's part of why it's still a beta service, and why the signature at the bottom of each message says who we think sent the message and how the recipient can contact us if they have any questions or feedback. (If you ever see something sent to you which wasn't sent by you, please let us know as soon as possible!)
One thing we can do is to check to make sure the From and Sender addresses match and respect any
Sender Policy Framework DNS records associated with the sending domain so that people can protect themselves from spam which claims to be from themselves. (We could add our own list of what IP addresses are allowed to send to what people, but that seems no better and less general than implementing SPF.)
If you have any other ideas, please let us know! (And again, please do let us know if you ever receive something you didn't send yourself.)