This is not exactly Rails-specific, but within my Rails application I am
using ActionMailer and “receive” to process incoming emails with a cron
script every 20 minutes. These emails are incoming and will be used to
update user information within the database. For instance, a user can
update their status through email.
The problem is that I am worried about email spoofing. What is a good
way to allow users to easily send an email to our server to set their
information but still be able to have some degree of certainty that the
user is legitimate?
I can’t expect each user to securely encrypt their email or have email
certificates because the average user does not have these things. Yet, I
see places that have this functionality.
Any guidance or tips about how to handle this?