PHP :: Bug #25683 :: Send mail from any address

Bug #25683	Send mail from any address
Submitted:	2003-09-29 03:26 UTC	Modified:	2003-09-29 05:39 UTC
From:	reveille187 at hotmail dot com	Assigned:
Status:	Not a bug	Package:	Mail related
PHP Version:	4.3.2	OS:	win32 xp sp1
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-09-29 03:26 UTC] reveille187 at hotmail dot com

Description:
------------
I'm not sure if anyone else noticed this... I run php 4.3.2 on my windows xp pc with apache 1.3. I don't have a domain name, and while exploring options on how to send mail from my pc, I found out you could send email from any address to anyone else without knowing thier password. Eg/ I could send hate mail from you@example.com where my real address is me@example.com.

Reproduce code:
---------------
<?php
ini_set("SMTP", "smtp.example.com");
ini_set("sendmail_from", "you@example.com");
mail("me@example.com", "Hate mail subject", "Body Text");
?>

Expected result:
----------------
An email in my inbox from you.

Actual result:
--------------
Same as above.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-09-29 05:36 UTC] sniper@php.net

RTFM. It's feature, not bug.

[2003-09-29 05:39 UTC] reveille187 at hotmail dot com

just checking, someone can cause some nice havoc with that feature. sorry.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Jul 14 09:01:31 2025 UTC