Support » Plugin: Host Header Injection Fix » Email Return Path

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Jeff Starr

    (@specialk)

    The setting, “Email Return Path” says:

    “Use From address for Return-Path (applies to all email sent from this site)”

    So that means that if you enable the setting, the “Email From Address” will be used as the “Return-Path” header for all outgoing email (sent via WP). If your email address is on the same domain as the site (e.g., email@example.com), then you may enable the setting. If you are using a 3rd-party email service (e.g., hotmail), then you probably want to leave that setting disabled.

    Thread Starter martychc23

    (@martychc23)

    ok, what about if i’m using a 3rd-party email service that allows me to create emails with my domain? e.g., me@mydomain.com Does that make a difference?

    Plugin Author Jeff Starr

    (@specialk)

    For that I am not sure.. it should be fine as long as the email address matches up with the sending domain (i.e., return path). But I am not an email expert, just a WP expert 🙂

    Thread Starter martychc23

    (@martychc23)

    In this case, would i be any less secure/would the plugin be less effective, if i left this checkbox unchecked?

    Plugin Author Jeff Starr

    (@specialk)

    Nope. With that setting either enabled or disabled, the plugin still protects against the HHI vulnerability. The return path header setting is just a bonus that can improve email functionality in general.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Email Return Path’ is closed to new replies.