by tman
5840 days ago
Posterous really does fail here. I can see why they would want to tolerate a little of this to preserve ease of use for their users (just like Amazon with their Kindle email address). However, there are a number of steps that Posterous can take to combat forged headers in ways that should not impact users at all. Enabling SPF, for example, would be a good start. Technically, it's the same problem as email spam, and most of the same tools can be used to combat it. Posterous should flag posts that they aren't sure of and make users confirm them before putting them up, etc. EDIT: The other fix would be to use an email address that can't be guessed from the blog address. In other words, the email address is the password.
Multiply (http://multiply.com) does something similar. You set your post-by-email id and then email your posts to post-by-email-id@your-multiply-id.multiply.com. You decide how complicated or easy you want your post-by-email-id to be.
As someone said, this is not 100% secure as the email address is sent as clear text as it passes through mail servers, but it's more difficult for someone to guess it.
They do perform additional checks on the message sent to make sure it came from you, perhaps similar to those that Posterous does.
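
An added example, not part of the thread and not Posterous's or Multiply's code: a sketch of the intake checks the comments above suggest (an unguessable posting address, an SPF result tied to the From: domain, and hold-for-confirmation when unsure). The host names, the `triage` function, and the assumption that the receiving MTA stamps an `Authentication-Results` header with its own id are all hypothetical.

```python
import hmac
import secrets
from email import message_from_string
from email.utils import parseaddr

# Assumed: the id our own MTA writes, after stripping any inbound copies of it.
TRUSTED_AUTHSERV = "mx.blog.example"

def new_posting_address(blog, domain="post.blog.example"):
    """Mint a posting address whose local part is effectively the password."""
    return f"{blog}-{secrets.token_hex(16)}@{domain}"

def spf_aligned(msg, from_domain):
    """True if our MTA recorded spf=pass for the same domain as From:."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(header).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # anyone can add this header; trust only our own
        for clause in results.split(";"):
            tokens = clause.split()
            if not tokens or tokens[0].lower() != "spf=pass":
                continue
            for tok in tokens[1:]:
                if tok.lower().startswith("smtp.mailfrom="):
                    mailfrom = tok.split("=", 1)[1].lower()
                    # SPF covers the envelope sender, so require it to match From:
                    if mailfrom.rpartition("@")[2] == from_domain:
                        return True
    return False

def triage(raw, rcpt, posting_address, owner):
    """Return 'reject', 'hold' (owner must confirm) or 'publish'."""
    if not hmac.compare_digest(rcpt.lower().encode(), posting_address.lower().encode()):
        return "reject"  # wrong or guessed address
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender == owner.lower() and spf_aligned(msg, sender.rpartition("@")[2]):
        return "publish"
    return "hold"  # unsure: ask the owner before putting it up

# Constructed sample messages (not real traffic).
OWNER = "alice@example.net"
UNVERIFIED = "From: alice@example.net\nSubject: hi\n\nbody\n"
VERIFIED = ("Authentication-Results: mx.blog.example; spf=pass "
            "smtp.mailfrom=alice@example.net\n" + UNVERIFIED)
```

The secret address alone never publishes here: as the second comment notes, it crosses mail servers in clear text, so a message that fails the sender check is held for confirmation rather than trusted.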