Everyone should believe in Brentopia...

I'm a .NET web developer, rock star, addict geocacher and avid softball player.

Name: Brent

Wednesday, June 18, 2008

Email Posts from Blogger

Google offers an interesting capability which permits bloggers on its blogger.com service to create posts via email which are then sent to a specific address established for the purpose.

Aside from the "secret" email address to which posts are emailed, there doesn't appear to be any other form of validation of the posts -- the prevailing notion appears to be "security by obscurity" on this one.

Then again, bloggers are provided the option of changing the "secret email address" through the Blogger.com settings of their account, so I suppose you could make adjustments quickly if problems are detected.

Nonetheless, I wonder if there will be a new form of spam attack on the horizon, derived from this very service from Google. That is, if the email addresses can be brute forced -- and they CAN be -- then the doors are open to spam posts showing up on any Google-powered blogger blog near you.

Ideally, I would prefer to see Google at least accept a list of predefined addresses from which email posts are accepted (white list) -- I realize, of course, that sender email addresses are easily spoofed, but this is just another layer of security that has to be broken before the city gates to the blogging kingdom are thrown wide open.

I'm sure that compromised email accounts are already checked for sent messages destined for *@blogger.com.

If nothing else though, perhaps the default behavior for emailed posts would be for them to NOT publish automatically, and to await validation from the account owner.

All that said, Google may, in fact, also have some flood management methods in place to detect brute forcing of email posts -- if detected, perhaps email posts for a particular blog could then be disabled.

There's not much you can do when someone's email address is compromised and exploited.

Anyway, I'm just talking out loud here, but I'll sign off for now and proceed with emailing this post in.

Edit: Don't email your posts in Plain Text. Use RTF or HTML formatting on your email client. Plain text formats funny when it arrives at Blogger.
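The layers suggested above (a sender white list, holding emailed posts for validation by default, and disabling mail posting after a burst of wrong addresses) sketched as an added example. It is not Blogger's code and not part of the original post; the blog/secret split, the thresholds and all names are assumptions.

```python
import hmac
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field

FAIL_LIMIT = 5      # assumed: wrong-secret attempts tolerated per window
FAIL_WINDOW = 3600  # assumed: window length in seconds

@dataclass
class BlogMailSettings:
    secret_word: str                                   # secret part of the posting address
    allowed_senders: set = field(default_factory=set)  # owner-maintained white list
    auto_publish: bool = False                         # default: wait for owner validation
    mail_posting_enabled: bool = True

class MailToBlogGate:
    def __init__(self, blogs):
        self.blogs = blogs                  # blog name -> BlogMailSettings
        self.failures = defaultdict(deque)  # blog name -> times of wrong guesses

    def handle(self, blog, secret, sender, now=None):
        """Return 'rejected', 'held_for_review' or 'published' for one message."""
        now = time.time() if now is None else now
        cfg = self.blogs.get(blog)
        if cfg is None or not cfg.mail_posting_enabled:
            return "rejected"
        # Constant-time comparison of the secret part of the address.
        if not hmac.compare_digest(secret.encode(), cfg.secret_word.encode()):
            self._record_failure(blog, cfg, now)
            return "rejected"
        # Sender addresses can be spoofed; this is an extra layer, not proof of identity.
        if sender.strip().lower() not in cfg.allowed_senders:
            return "rejected"
        return "published" if cfg.auto_publish else "held_for_review"

    def _record_failure(self, blog, cfg, now):
        recent = self.failures[blog]
        recent.append(now)
        while recent and now - recent[0] > FAIL_WINDOW:
            recent.popleft()
        if len(recent) >= FAIL_LIMIT:
            cfg.mail_posting_enabled = False  # stays off until the owner re-enables it

if __name__ == "__main__":
    # Constructed sample data, not real addresses.
    gate = MailToBlogGate({"demo": BlogMailSettings("s3cretw0rd", {"owner@example.com"})})
    print(gate.handle("demo", "s3cretw0rd", "owner@example.com"))
    for i in range(FAIL_LIMIT):
        gate.handle("demo", f"guess{i}", "owner@example.com")
    print(gate.handle("demo", "s3cretw0rd", "owner@example.com"))
```

Once the failure threshold trips, even a message with the correct secret is rejected until the owner turns mail posting back on, which is also the moment to change the secret address.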
