procmail

Re: detecting faked "From"

2001-07-20 03:33:01
On Thu, Jul 19, 2001 at 08:39:05PM -0700, Professional Software Engineering wrote:
I think you're thinking about the problem too much.
If the "From:" address is @geol.ucsb.edu, it doesn't much matter if it's
forged or not. The response is still going to go to an address within the
subdomain. There is no way to spoof an address in such a way that the
auto-responder will send its response to other than where it thinks it's
responding.

See RFC 2821 (which superseded 821), section 3.6.2.

Basically, From: isn't inherently the address to which a reply will be sent 
- Reply-To: would override it.  If you check the From field, then send a 
reply using the proper mechanism (formail -rtzxTo:), then you may very well 
reply to an address which differs from the From.

Yeah yeah, technically correct. I assumed that was a given. My point still
stands: you can't spoof the auto-responder into replying to an address other
than the address to which it thinks it's replying; ie: you can't forge the
headers in such a way that, if it thinks it's sending mail to
address(_at_)geol(_dot_)ucsb(_dot_)edu, the mail is actually going to somewhere
else. Whether the address it's sending the response to is derived from the
From: header or the Reply-To: header is irrelevant, so long as said address is
within geol.ucsb.edu. You can forge your headers all you want, but if it's
programmed to only send responses to addresses within geol.ucsb.edu, there is
no way to "forge" a header such that it THINKS the address is within that
domain when it isn't.

However, I agree with the basic premise that the reply address should be 
checked for the desired domain, unless some other argument is put forth as 
to why this isn't suitable.

As I said, the only case I can think of where it should matter if the actual
sender of the message is inside the legal domain or not is if the responder
performs some other action besides sending a response, such as modifying some
data based on the content of the received message, and responding with the
results.

-- 
Every man should know how to make at least one drink from a foreign country,
preferably one taught to him by a local female with whom he has had a
complicated, unresolved, and quite possibly dangerous dalliance.
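
The domain check on the reply address discussed in this message, as an added example that is not part of the original post or of procmail/formail. It assumes a simplified reply rule (Reply-To: if present, otherwise From:), treats subdomains of geol.ucsb.edu as allowed, and uses constructed sample messages; all function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

ALLOWED_DOMAIN = "geol.ucsb.edu"  # the domain discussed in the thread

def reply_addresses(msg):
    """Where a reply would go: Reply-To: if present, otherwise From:.
    Simplified model of reply-address selection (an assumption of this example)."""
    for header in ("Reply-To", "From"):
        values = msg.get_all(header)
        if values:
            return [addr for _name, addr in getaddresses(values) if addr]
    return []

def in_allowed_domain(addr, domain=ALLOWED_DOMAIN):
    """True only if the host part is the domain itself or a subdomain of it."""
    local, at, host = addr.rpartition("@")
    host = host.lower().rstrip(".")
    return bool(local and at) and (host == domain or host.endswith("." + domain))

def should_autorespond(raw_message):
    """Respond only when every address the reply would reach is in the domain."""
    targets = reply_addresses(message_from_string(raw_message))
    return bool(targets) and all(in_allowed_domain(a) for a in targets)

def naive_from_check(raw_message):
    """The weaker check: substring match on the From: header alone."""
    return ALLOWED_DOMAIN in (message_from_string(raw_message).get("From") or "")

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "plain":        "From: alice@geol.ucsb.edu\n\nhi\n",
    "reply_to_out": "From: alice@geol.ucsb.edu\nReply-To: victim@example.net\n\nhi\n",
    "reply_to_in":  "From: someone@example.com\nReply-To: dave@geol.ucsb.edu\n\nhi\n",
    "display_name": 'From: "bob@geol.ucsb.edu" <bob@example.org>\n\nhi\n',
    "suffix_trick": "From: carol@geol.ucsb.edu.example.org\n\nhi\n",
    "mixed_list":   "From: a@geol.ucsb.edu\nReply-To: d@geol.ucsb.edu, v@example.net\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} naive={naive_from_check(raw)!s:5} reply_check={should_autorespond(raw)}")
```

The cases where the two columns disagree are the ones where testing From: alone and testing the actual reply address give different answers.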