spf-discuss

Re: SPF-compliant phishing?

2004-09-15 10:07:52
On Wed, 15 Sep 2004, David Woodhouse wrote:

The example which really interests me is #1. Forgive me, I'll repeat it:

        MAIL FROM:<SRS0+xx+yy+example(_dot_)com+joeuser(_at_)pentafluge(_dot_)srs(_dot_)infradead(_dot_)org>
and
        Received: from [2002:c1ed:8229:10:2c0:f0ff:fe31:e18] (helo=joeslaptop)
              by pentafluge.infradead.org with esmtpsa id 1C7Ej2-0008II-SZ;
                Tue, 14 Sep 2004 15:56:09 +0100
        From: <joeuser(_at_)example(_dot_)com>

Now who can tell me if this really came from Joe or not?

How can we even tell whether it really came from example.com at all?

Unless I overlook some big things, it would appear to me that SRS
could just be the perfect forgery mechanism ...

Rik
-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
