Security Basics mailing list archives
Re: Sender Spoofing via SMTP
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 4 Nov 2005 23:27:57 +0100
On 2005-11-04 Andrew Chong wrote:
This is a well known SMTP protocol bug.
It's not a bug, it's how SMTP is specified. There are various ways to deal with this problem depending on what your primary concerns are (relay mail only for your local domains, use additional authentication mechanisms, etc.). I know that Exchange supports at least some of these features, but can't provide details.
Currently, two common technologies are SMIME and PGP to digitally sign/encrypt emails.
Neither encryption nor digital signatures are a solution to the above mentioned problem. Regards Ansgar Wiechers -- "Another option [for defragmentation] is to back up your important files, erase the hard disk, then reinstall Mac OS X and your backed up files." --http://docs.info.apple.com/article.html?artnum=25668
Current thread:
- Sender Spoofing via SMTP brandon . steili (Nov 03)
- RE: Sender Spoofing via SMTP Andrew Chong (Nov 04)
- Re: Sender Spoofing via SMTP Thierry Zoller (Nov 07)
- Re: Sender Spoofing via SMTP Ansgar -59cobalt- Wiechers (Nov 07)
- Re: Sender Spoofing via SMTP dallas jordan (Nov 04)
- Re: Sender Spoofing via SMTP FocusHacks (Nov 04)
- RE: Sender Spoofing via SMTP Muhammad Naseer Bhatti (Nov 04)
- Re: Sender Spoofing via SMTP Gaddis, Jeremy L. (Nov 04)
- Re: Sender Spoofing via SMTP Florian Streck (Nov 04)
- Re: Sender Spoofing via SMTP Barrie Dempster (Nov 04)
- Re: Sender Spoofing via SMTP Yousef Syed (Nov 07)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- <Possible follow-ups>
- Re: Sender Spoofing via SMTP jlopez2k5 (Nov 04)
(Thread continues...)
- RE: Sender Spoofing via SMTP Andrew Chong (Nov 04)