Incoming Email Processing

This is not exactly Rails-specific, but within my Rails application I am using ActionMailer and "receive" to process incoming emails with a cron script every 20 minutes. These emails are incoming and will be used to update user information within the database. For instance, a user can update their status through email.

The problem is that I am worried about email spoofing. What is a good way to allow users to easily send an email to our server to set their information but still be able to have some degree of certainty that the user is legitimate?

I can't expect each user to securely encrypt their email or have email certificates because the average user does not have these things. Yet, I see places that have this functionality.

Any guidance or tips about how to handle this?