Re: Sender Spoofing via SMTP

From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 11/04/05

  • Next message: Thierry Zoller: "Re: Sender Spoofing via SMTP"
    To: brandon.steili@gmail.com
    Date: Fri, 04 Nov 2005 16:28:49 +0000
    
    
    

    On Thu, 2005-11-03 at 15:56 +0000, brandon.steili@gmail.com wrote:
    > Hi List,
    >
    > I know this is a common issue that does not seem to be well addressed,

    The issue is well addressed; we all know it's there, we all know how it
    can be fixed, and we all know it sucks. You can't rip out SMTP in one go,
    so you have to work around it, which is where things like SPF, digital
    signing, etc. come in.

    SMTP as it stands is a broken, insecure, untrustworthy protocol. It works
    just like the snail mail system: anyone can send you mail and pretend to
    be someone else if they like; you have to implement some sort of
    verification outwith that protocol. With letters we go with signatures;
    with email I'd be inclined to do the same. This is where PKI-based
    signing and encryption comes in, and in my opinion is the easiest,
    cheapest, most widely supported technology for this sort of
    communication.

    -- 
    With Regards..
    Barrie Dempster (zeedo) - Fortiter et Strenue
    "He who hingeth aboot, geteth hee-haw" Victor - Still Game
    blog:  http://reboot-robot.net
    sites: http://www.bsrf.org.uk - http://www.security-forums.com
    ca:    https://www.cacert.org/index.php?id=3
    
    


