ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Caller-ID group is hiring!

2004-04-29 18:27:31
from [Dave Crocker] [Permanent Link] 

Margaret,

MO> Meng correct me if I'm wrong, but I believe that with strict SPF 
MO> records published and checked, that the forger  would have been forced


Any reasonable authentication scheme would have shown either where the
message actually came from or who actually authored.

Either type of information would have made pretty clear that this did
not come from the purported author.

Actually, there is an interesting hole in many of our discussions:
What about spoofing from _within_ an organization?  Since most
organizations suffer data theft from within, this is not a small
concern.

d/
--
 Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Identity consensus and working group direction, Marshall Rose
Next by Date:  Re: Identity consensus and working group direction, Meng Weng Wong
Previous by Thread:  RFC2822 attack scenario, Meng Weng Wong
Next by Thread:  Re: Caller-ID group is hiring!, Mark Baugher
Indexes:  [Date] [Thread] [Top] [All Lists]