DESKTOP EDITION CLOUD EDITION SERVER EDITION GUIDES FORUM

Email system flaw


#1

I was trying the email system the other day and all i had to do was just type my email in the box and send.
No password confirmation or anything to ensure the legitimate owner of the email was the one sending the mail.
so one can put any e mail of anyone there and the mail will be delivered and that person will appear as the sender, doesn’t this open doors for fraud?
I believe the email system of manager must be configured to ensure the legitimate owner of the email is the one sending the mail. Before the system accepts an email, it should ask of password.


#2

To use the Manager email system you need to logon to Manager and therein lies the security. Once in Manager you do not want to enter passwords every time you want to send an invoice, statement or PO.

If you use custom email you will need account detail to setup and connect to your mail server.

If you are working in a simple workstation environment to run your Manager, lock your PC with an account and solid password. This will help prevent unauthorized access to Manager email.

If Manager started prompting for passwords to do such simple functions like email I will go mad.


#3

I think @Abeiku says that you can spoof any email address and pretend you are someone else.

It’s true. But that’s not exactly problem of Manager. It’s how email protocol works. Many email servers will quietly discard such an email so if you care about deliverability, always use custom SMTP server if sending from custom email address.