ietf-mxcomp
[Top] [All Lists]

Re: When spoofing is.

2004-03-21 10:47:49

On Sun, Mar 21, 2004 at 05:13:47AM -0800, Hallam-Baker, Phillip wrote:

things as bad as:

    HELO mailhost.domain.tld
    MAIL FROM: <user(_at_)domain(_dot_)tld>
    RCPT TO: <user(_at_)domain(_dot_)tld>
    DATA
    ...
    Reply-to: user(_at_)domain(_dot_)tld
    Errors-to: user(_at_)domain(_dot_)tld
    From: user(_at_)domain(_dot_)tld
    To: user(_at_)domain(_dot_)tld
    Subject: Otheruser(_at_)otherdomain has send you an e-card
    ...

And we should prevent giving folk like this some pain because???


Can you distinguish between that evil postcard site based on RFC2821
identity, and a mobile user attempting to use an address other than the
one his ISP has assigned him (say, for example, his work address)?
Assume for the sake of argument that the ISP blocks outbound port 25,
465 and 587, so the entity cannot connect directly to their office MTA.

Or, shall we force everyone who travels on business to expose their
personal email accounts when conducting business while on the road? 

-- 
Mark C. Langston                                    Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org                                       
mark(_at_)seti(_dot_)org
Systems & Network Admin                                SETI Institute
http://bitshift.org                               http://www.seti.org


<Prev in Thread] Current Thread [Next in Thread>