cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
0 Likes

Restrict the FROM= email option

Status: New Suggestion Submitted by Lapis Lazuli | Level 10 on ‎08-08-2025 03:08 AM
2 Comments (2 New)

Please add an option to restrict the FROM= email option to a single value like "sas@example.com" or else force it to be the userid of the user running the SAS process. The current implementation allows spoofing by someone who changes the FROM= option to impersonate others.

See more ideas labeled with:
2 Comments
Patrick
Opal | Level 21
Opal | Level 21
‎08-08-2025 04:26 AM
‎08-08-2025 04:26 AM

And what about these not so uncommon use cases where email notifications are sent as part of scheduled batch processing?

There can be multiple processes running under a single functional user but with different teams looking after different processes. There is a need that the FROM can be a team specific group email address for email recipients to respond to. It certainly shouldn't be someones individual email address.

 

I want SAS to support as much email server functionality as possible. If this also allows for spoofing then that's an issue which needs to be addressed at another place: Starting with HR and who gets hired plus with ongoing monitoring. It's imho not a technical issue that requires a technical solution.

 

 

0 Likes
EyalGonen
Lapis Lazuli | Level 10
Lapis Lazuli | Level 10
‎08-08-2025 04:48 AM
‎08-08-2025 04:48 AM

I think SAS should enable admins to choose which user accounts will be limited/restricted to specify the FROM= and which are not.

This pre-user functionality is possible with the EMAILSYS= system option (I used it) and it would be nice to have this also for the FROM= option.

0 Likes