Sharing by email - possible security issue

BELphotosBELphotos Registered Users Posts: 102 Major grins
edited July 10, 2007 in SmugMug Support
I was recently testing the feature that allows you to share a photo or gallery by email. When I received the photo, the following message was also attached.

"This email was sent by SmugMug on behalf of Bruce Lukaszewicz <Bruce@BELphotos.com>, a SmugMug customer. [IP: 68.XXX.XXX.37]. SmugMug hates spam as much as you do. Please report any abuse or spam to [EMAIL="help@smugmug.com?subject=%5BEmail%20Abuse%20Number:%20102161%5D&body=Tell%20this%20spammer%20to%20stop:%20Bruce%20Lukaszewicz%20%3CBruce@BELphotos.com%3E,%20a%20SmugMug%20customer%20%5BIP:%2068.107.116.37%5D"]SmugMug[/EMAIL]."

Of course, that's my email and my IP address. The IP address is the problem. By clicking on the IP address, you are sent right to my router. Fortunately, my router is adequetly protected and only the login/password screen is presented.

What about the person that does not have a router or has never changed the default login/password? Of course this is not SmugMug's responsibility, however, is displaying the senders IP address really necessary when inviting someone to view a gallery/photo?

Unless there is an option that I have missed to prevent this from being sent, I propose that it be removed from the messages.

Thanks for listening.
http://www.BELphotos.com

 "Never leave home without a camera"

Comments

  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited July 6, 2007
    Hi, thanks for posting.

    I've asked for some help with this answer, stay tuned.
    Andy

    PortfolioWorkshopsFacebookTwitter
  • BELphotosBELphotos Registered Users Posts: 102 Major grins
    edited July 10, 2007
    Hi Andy...
    Just checking in... Any progress on this issue?
    Andy wrote:
    Hi, thanks for posting.

    I've asked for some help with this answer, stay tuned.
    http://www.BELphotos.com

     "Never leave home without a camera"
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited July 10, 2007
    BELphotos wrote:
    Hi Andy...
    Just checking in... Any progress on this issue?
    Sorry, I've emailed our Product manager again.
    Andy

    PortfolioWorkshopsFacebookTwitter
  • BenBen Vanilla Admin Posts: 513 SmugMug Employee
    edited July 10, 2007
    Your IP address is already included in any email you send in the headers. Your IP address is neither a big secret, nor a big security hole. Your router page only comes up to you because you are on the intranet behind the router. Any external traffic won't have access to mess with your router settings, whether it is passworded or not.

    The IP address being included is simply a tool to track and prevent abuse. It doesn't really affect you at all.

    Make sense?
    Smug since 2003
  • BELphotosBELphotos Registered Users Posts: 102 Major grins
    edited July 10, 2007
    Hi Ben / Andy....
    Thanks for the reply. That makes sense to me. It was just a little nerve rattling to see my router pop up when I clicked on the address. :eek1
    Bruce
    Ben wrote:
    Your IP address is already included in any email you send in the headers. Your IP address is neither a big secret, nor a big security hole. Your router page only comes up to you because you are on the intranet behind the router. Any external traffic won't have access to mess with your router settings, whether it is passworded or not.

    The IP address being included is simply a tool to track and prevent abuse. It doesn't really affect you at all.

    Make sense?
    http://www.BELphotos.com

     "Never leave home without a camera"
Sign In or Register to comment.