Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
Bad idea. She made the payment to the store email address, which didn't exist in payPal.
It was our fault for not adding the store address to payPal, but we never thought we'd need it. So after the payment I went in, added it as a second email address, verified it, and voila - there's the payment in the account summary. Cool . . .
Or is it?
How many payments are out there floating around with errant email addresses? What if I went in to a high-volume eBay seller and started adding typos of their payment address to MY account? Given the fact that it's a free account or some other that I could verify. Don't think for a minute I would . . . but someone could . . .
Does the above scenario seem like a major security hole or a feature?
Guess this is another example of how using a custom email at your own domain is better then using something like gmail with free accounts where someone could register name typos.
Not sure what they were up to but someone started a wordpress blog the other day using an email from one of my domains (a catch all only used by me) ... so the wordpress install instructions were sent to me, they couldnt even log in.