Yesterday I hacked together a quick script that lets me send photos to my blog and used these pictures to test it. It's real secure too – please don't guess my secret email address for it – it's not too obvious actually – but obscurity is no substitute for real security. You do have to be in a whitelist of senders, but since headers can easily be forged too, that's not huge protection.
How can you authenticate email interactions like this? The only way I could think of, and it's such a pain that I don't want to implement it, is to not approve the posts and send a reply to the From address asking to confirm that they sent it. That way, even if the From is forged, I'd be notified before anything appears here. However, I prefer the simplicity of having it go live without more interaction from me, so if/until it gets abused I'll try to post pictures frequently. Look for some from tonight's DC United game.
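The hold-and-confirm idea described above, sketched as an added example (it is not the script from this post): a post from a whitelisted From address is held until a token mailed back to that address is returned. The function names, the 24-hour lifetime and the sample addresses are assumptions, and sending the confirmation mail is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions for this sketch: all names, the TTL and the addresses are constructed.
SECRET = secrets.token_bytes(32)   # per-install key; persist it in real use
ALLOWED = {"me@example.org"}       # constructed sender whitelist
TOKEN_TTL = 24 * 3600              # seconds a confirmation stays valid

pending = {}                       # post_id -> (sender, body, created_at)


def _token(post_id, sender, created_at):
    # Bind the token to this post, this sender and this submission time.
    msg = f"{post_id}|{sender}|{created_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def submit(sender, body, now=None):
    """Hold a post; return (post_id, token) to mail to the From address, or None."""
    now = int(time.time() if now is None else now)
    sender = sender.strip().lower()
    if sender not in ALLOWED:      # whitelist is only a first filter: From can be forged
        return None
    post_id = secrets.token_hex(8)
    pending[post_id] = (sender, body, now)
    return post_id, _token(post_id, sender, now)


def confirm(post_id, token, now=None):
    """Return the body to publish only if the mailed token comes back valid and in time."""
    now = int(time.time() if now is None else now)
    entry = pending.get(post_id)
    if entry is None:
        return None
    sender, body, created = entry
    if now - created > TOKEN_TTL:  # expired: drop the held post
        del pending[post_id]
        return None
    expected = _token(post_id, sender, created)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return None                # wrong token: keep holding, publish nothing
    del pending[post_id]           # single use
    return body
```

Someone who forges the From header never receives the token, so the held post expires unpublished while the real owner of the address sees the confirmation request.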