Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Email policy question
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 20 Oct 2008 21:03:07 -0400

On Mon, 20 Oct 2008 15:33:47 CDT, Andres Holguin Coral said:
- Many research groups are using mailing-lists from outside the University
which modify the headers in such way that they appear to be originated from
an account with the @uniandes.edu.co domain.

Are you examining the RFC821 MAIL FROM: field (which usually shows up in the
headers as Return-Path:) or the RFC822 From: field (the one most people can
actually see)?

It's quite proper (and in fact, common practice - see this posting for
an example) that the 822 From: be the original author, and the 821 MAIL FROM:
point back at the address the mailing list software uses to catch bounces.
If you look at the wrong field, you'll generate errors every time somebody
from your site posts to a mailing list that sends to somebody at your site.

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault