I have a website, example.com
hosted at godaddy. I was just messing around with PHP's mail
function and uploaded the following to my website at example.com
:
mail( "someone@yahoo.com", "test", "test message", "From: someone@gmail.com" );
Why does this work? I mean, it shouldn't, right? The "From" address domain isn't "@example.com". Yet, when I check my email at someone@yahoo.com, I get the message from someone@gmail.com... How is it that I'm able to (potentially) send an email from anyone's email account without their password?