Re: Sender Spoofing via SMTP
From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 11/04/05
- Previous message: joseph martin: "RE: isa server with single network card"
- In reply to: Andrew Chong: "RE: Sender Spoofing via SMTP"
- Next in thread: dallas jordan: "Re: Sender Spoofing via SMTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 4 Nov 2005 23:27:57 +0100 To: security-basics@securityfocus.com
On 2005-11-04 Andrew Chong wrote:
> This is a well known SMTP protocol bug.
It's not a bug, it's how SMTP is specified. There are various ways to
deal with this problem depending on what your primary concerns are
(relay mail only for your local domains, use additional authentication
mechanisms, etc.). I know that Exchange supports at least some of these
features, but can't provide details.
> Currently, two common technologies are SMIME and PGP to digitally
> sign/encrypt emails.
Neither encryption nor digital signatures are a solution to the above
mentioned problem.
Regards
Ansgar Wiechers
-- "Another option [for defragmentation] is to back up your important files, erase the hard disk, then reinstall Mac OS X and your backed up files." --http://docs.info.apple.com/article.html?artnum=25668
- Previous message: joseph martin: "RE: isa server with single network card"
- In reply to: Andrew Chong: "RE: Sender Spoofing via SMTP"
- Next in thread: dallas jordan: "Re: Sender Spoofing via SMTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
