Re: Sender Spoofing via SMTP
From: Florian Streck (streck_at_papafloh.de)
Date: 11/04/05
- Previous message: Robert T: "about my dlink DI-804hv"
- In reply to: brandon.steili_at_gmail.com: "Sender Spoofing via SMTP"
- Next in thread: Tim Ballingall: "RE: Sender Spoofing via SMTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 4 Nov 2005 00:58:23 +0100 To: security-basics@securityfocus.com
On Thu, Nov 03, 2005 at 03:56:23PM -0000, brandon.steili@gmail.com wrote:
> Hi List,
>
> I know this is a common issue that does not seem to be well addressed, but I was hoping you folks could give some suggestions. (preferably for Exchange 2003)
> If I telnet to a system on the internet and perform the following:
...
> The server will happily forward my mail to the internal mailbox without validating anything. I did not have to authenticate, I did not even have to provide a real sender on the system, I could make one up. Again, I know this is a common issue, the question is how can I prevent this from happening?
Accept only digitaly signed mails (smime/pgp/...). Reject anything else.
> With the proliferation of social engineers / phishers, etc I would like to try and find a way to prevent this, not because it is a big problem but because it might become a big problem.
Considering Spam it already is a problem.
Florian
- application/pgp-signature attachment: stored
- Previous message: Robert T: "about my dlink DI-804hv"
- In reply to: brandon.steili_at_gmail.com: "Sender Spoofing via SMTP"
- Next in thread: Tim Ballingall: "RE: Sender Spoofing via SMTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
