
So this is an authentication link which we auto-generate with some token for that particular email, where we don't want the user to forward it. Even if he/she forwards it, we want to know which email address it is coming from. If it's not coming from the original email, we want to stop authentication. If we can get any details of the email, or any sort of header details or a check of the email, that would be great.

  • Not as far as I know. When you link from a web page there's a Referer header, but I don't think there's anything equivalent when linking from a mail reader.
    – Barmar
    Commented Apr 25 at 17:33
  • And even if you could, it's something they can easily get around by copying the link and pasting it into their browser.
    – Barmar
    Commented Apr 25 at 17:33
  • You should require the user to go through the normal password authentication when following the link.
    – Barmar
    Commented Apr 25 at 17:41

1 Answer


I had to implement such a control and I ended up linking the authentication link to the recipient email. When the link is activated, a 2FA code is sent to the same mail address and is required to complete the process. Because the time is limited for inputting the code, it ensures, not at 100% but on a safer basis, that the chain has not been compromised.

On another application, I coupled this with Google Authenticator... This is the safest, as it is highly unlikely that the user will transfer the original mail and also give their device to the other user :)
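The flow the answer describes (a link token bound to the recipient address, then a short-lived code mailed to that same address when the link is activated), as an added Python sketch that is not the answerer's code. The HMAC server key, the two TTLs, the in-memory PENDING store and the send_mail callback are assumptions; the clock is passed in as `now` so the expiry checks can be exercised.

```python
import base64
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, server-side only
LINK_TTL = 3600   # assumption: link valid for one hour
CODE_TTL = 300    # assumption: 2FA code valid for five minutes
PENDING = {}      # pending challenges, token -> (code, expiry); in-memory for the example

def make_link_token(email: str, now: float) -> str:
    """Step 1: bind the link token to the recipient address with an HMAC."""
    email = email.strip().lower()
    exp = int(now) + LINK_TTL
    tag = hmac.new(SERVER_KEY, f"{email}|{exp}".encode(), hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(f"{email}|{exp}|{tag}".encode()).decode()

def parse_link_token(token: str, now: float):
    """Return the bound address if the token is untampered and unexpired, else None."""
    try:
        email, exp, tag = base64.urlsafe_b64decode(token).decode().split("|")
        exp = int(exp)
    except (ValueError, UnicodeDecodeError):
        return None
    expected = hmac.new(SERVER_KEY, f"{email}|{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected) or exp < now:
        return None
    return email

def activate_link(token: str, now: float, send_mail) -> bool:
    """Step 2: on activation, mail a short-lived code to the *bound* address."""
    email = parse_link_token(token, now)
    if email is None:
        return False
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[token] = (code, now + CODE_TTL)
    # Whoever clicked (recipient or someone it was forwarded to) only learns the
    # code if they also control the original mailbox.
    send_mail(email, code)
    return True

def verify_code(token: str, submitted: str, now: float) -> bool:
    """Step 3: finish authentication only with the code sent to the bound mailbox."""
    entry = PENDING.pop(token, None)  # consumed on first attempt: no guessing, no replay
    if entry is None:
        return False
    code, exp = entry
    return now <= exp and hmac.compare_digest(code, submitted)
```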
