Disable creating users from incoming emails [Updated in Securty Center 1.3]
Use the glide.user.trusted_domain property to specify the comma-separated list of trusted domains used in the creation of users from incoming emails.
An administrator can set an email property to automatically create users from incoming emails. If set this property to the insecure value, the instance will automatically create users from incoming email. Each user created will have the same hard coded default password which makes bypassing authentication through brute force easier.
More information
| Attribute | Description |
|---|---|
| Property name | glide.pop3readerjob.create_caller |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Authentication |
| Recommended value | false |
| Default value | false |
| Security risk rating | 5.4 |
| Functional impact | Once this property is configured, the instance only accepts emails from trusted domains. If you do not include the domain in the trusted list, there is an impact to guest users because accounts are created automatically. |
| Security risk | (Moderate) If the property is not enabled, an attacker might use an email spoofing/spamming campaign to send multiple emails resulting in the creation of more unnecessary guest users. |
| References |
To learn more about adding or creating a system property, see Add a system property.