However, I immediately noticed it seems anyone can add any content to anyone’s queue if they know or guess their username — since everyone sends mail to the same address (add@getpocket.com), you only have to forge the From: email header (which is, of course, trivially easy).
However, I immediately noticed it seems anyone can add any content to anyone’s queue if they know or guess their username — since everyone sends mail to the same address (add@getpocket.com), you only have to forge the From: email header (which is, of course, trivially easy).