Here's a scenario; I want to send email using PHP and Zend Framework. Here's an example on how this is usually done:
$smtp = new \Zend_Mail_Transport_Smtp(array(
'host'=> 'localhost'
, 'auth' => 'login'
, 'ssl' => 'TLS'
, 'username' => 'john'
, 'password' => '123'));
\Zend_Mail::setDefaultTransport($smtp);
$mail = new \Zend_Mail();
$mail->addTo('jane.smith@localhost', 'Jane Smith');
$mail->setSubject('Greetings');
$mail->setBodyText('Hi there');
$mail->setFrom('john.smith@localhost', 'John Smith');
$mail->send();
My question is, how can we make sure that the from address (in this case 'john.smith@localhost') actually exists and it belongs to the username and password provided to SMTP connection? Because if it is not, then I can send email on behalf of anyone!
[UPDATE]
I believe I found a partial answer to my own question. It should be done through IMAP / POP3 protocols. But yet these two protocols take in a username and password in order to athenticate and so you can not check for the association between the provided username and an email address. So the question is how to authenticate an email address through IMAP / POP3 in PHP and Zend Framework?
