[Previous] [Next] [Index]
[Thread]
Re: mail port
> I have a question... you can telnet to a mail port (25) and send mail
> from it,,to any person, and put it's from anybody you want, are you not
> suppose to do this,, or can anybody do this, can the mail be tracked ??
> It would seem like a big security flaw if you could send false mail so
> easily... ???
Ease of forgery is a well-known problem with SMTP and NNTP. "You" are
"not supposed" to do this, but the ability to do so is hard to
remove without breaking universal mail delivery.
Logging, "Received:" headers, and address/ident lookups by sendmail do make
forgery detectable in many cases, and use of digital signatures
like PGP can provide checks on who wrote a message.
This is not really an issue for www-security, however....
--
Albert Lunde Albert-Lunde@nwu.edu
References:
- mail port
- From: "Ross F. Jimenez" <rfjimen@tesuque.cs.sandia.gov>