I'm starting to get reports from users who are saying my code that relies on Email::Address is getting spoofed. Here's a small example:

    #!/usr/bin/perl
    use strict;
    use Email::Address;

    # Phrase left unquoted
    my $from  = q{...@example.com <spoofer.addr...@malicious-site.com>};
    # Phrase quoted
    my $from2 = q{"m...@example.com" <spoofer.addr...@malicious-site.com>};

    my $address = ( Email::Address->parse($from) )[0]->address;
    print $address . "\n";

    my $address2 = ( Email::Address->parse($from2) )[0]->address;
    print $address2 . "\n";

As you can see, it just takes the phrase unquoted to trip this up. The first example is most likely incorrect formatting, but still works when it comes to sending the messages out for my system to receive it. Ugh. Any tried and true way to catch this spoofing?

I think what's happening is that Email::Address is parsing the line as if there are two valid addresses, since I can also do this:

    $address = ( Email::Address->parse($from) )[1]->address;
    print $address . "\n";
    # prints: spoofer.addr...@malicious-site.com

As far as I can grok, having multiple From: addresses doesn't really make much sense (is it legal?) If so, there's my workaround.

Justin
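
The workaround suggested at the end of the post, as an added example that is not part of the original message: accept a From: value only when Email::Address->parse returns exactly one address, and also flag the quoted variant where the display name shows a different address. The helper name check_from and the sample addresses are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Email::Address;

# Hypothetical helper (not from the post): returns (address, undef) when the
# From: value is acceptable, or (undef, reason) when it should be rejected.
sub check_from {
    my ($from) = @_;
    my @addrs = Email::Address->parse($from);

    # Exactly one mailbox is expected. Per the post, an unquoted phrase that
    # looks like an address makes parse() return more than one object.
    return ( undef, 'no parsable address' ) unless @addrs;
    return ( undef, 'multiple addresses: ' . join( ', ', map { $_->address } @addrs ) )
        if @addrs > 1;

    my $addr   = $addrs[0];
    my $phrase = defined $addr->phrase ? $addr->phrase : '';

    # A quoted display name parses as a single mailbox, but it can still show
    # the reader an address that differs from the one actually in use.
    while ( $phrase =~ /([^\s"<>()\@,;]+\@[^\s"<>()\@,;]+)/g ) {
        return ( undef, "display name shows $1" )
            if lc $1 ne lc $addr->address;
    }
    return ( $addr->address, undef );
}

# Constructed sample values, not taken from real mail.
my @samples = (
    q{Alice Example <alice@example.com>},
    q{alice@example.com <mallory@attacker.example>},
    q{"alice@example.com" <mallory@attacker.example>},
);

for my $from (@samples) {
    my ( $address, $reason ) = check_from($from);
    my $line = defined $address ? "ok      $address" : "reject  $from ($reason)";
    print "$line\n";
}
```

RFC 5322 does allow a list of mailboxes in From:, so rejecting more than one address is a policy choice for systems that expect a single sender.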