Just making it clear right from the start that this error involves emails being sent to the admin, and not to the registering user.
Well, I've been doing a few test registrations with my site (not live yet), and I've found something rather troubling with the email that gets sent to me when a user registers. Joomla! will send an email to my admin email, but also to another email. I've tested this four times, and once it went to the email I registered the new user with, which is fine, I'm pretty sure thats whats supposed to happen. However, the other three times, the email was (part of registration email I entered before the @ sign)@premium8.geo.yahoo8.akadns.net. I never typed @premium8.geo.yahoo8.akadns.net (trust me, thats far too long for me to bother with) anywhere. As these emails contain usernames and passwords, its obviously not a good thing for them to be going to some random email address.
As I understand the above can be confusing, I'll provide an example:
Lets say I register with the email
fake@website.com.
My admin account later recieves an email with the username/password info, however, the same email goes to
fake@premium8.geo.yahoo8.akadns.net.
This happened both on a nightly build from about a week ago, and the latest nightly build. This is a MAJOR cause for concern, as it seems to indicate a fairly serious security issue.
EDIT: Whoops, forgot system info
PHP Built on: Linux new-host-4 2.6.20-1.2962.fc6 #1 SMP Tue Jun 19 19:27:14 EDT 2007 i686
Database Version: 5.0.27
Database Collation: utf8_general_ci
PHP Version: 5.1.6
Web Server: Apache/2.2.4 (Fedora)
Web Server to PHP interface: apache2handler
Joomla! Version: Joomla! 1.5.0 Development [ Khepri ] 04-May-2007 00:00 GMT
User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070530 Fedora/1.5.0.12-1.fc6 Firefox/1.5.0.12
