Bugtraq mailing list archives

Re: Validating email sender


From: trmatthe () comp brad ac uk (Squidge)
Date: Sun, 30 Jun 1996 18:37:10 +0100


On Sun, 30 Jun 1996, Brendan McKenna wrote:
> what is the best way to ensure that the id in the From:, Sender:, or
> Reply-To: is actually the one that sent the message?

G'day. Use a sendmail or smtpd that uses auth (port 113). This allows you
to be pretty certain of who connected to your machine to send the mail.

Of course, it is trivial to send a fake response to an auth query if you
have privileges on the foreign site. The data you get back is only as
valid as you make it.

Sounds like a good use for cryptography. Issue all the users with a
secret key, and get them to encrypt their messages. Use some digital
signature to ensure accountability, and you are sorted.

I'd write some more, but my tea's ready.

Squidge

                                "don't mess"
                             squidge - The Guild
                          trmatthe () comp brad ac uk
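
Added example, not part of the original post: a small parser for the RFC 1413 ident reply a mail server gets back from port 113 on the connecting host, which accepts a reply only when it answers the query that was sent and still treats the user-id as the remote host's claim. The function and type names are hypothetical, the sample replies are constructed, and restricting replies to printable ASCII is an assumption of this example.

```python
import re
from typing import NamedTuple, Optional

IDENT_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}  # RFC 1413

class IdentClaim(NamedTuple):
    ok: bool                # True only for a well-formed USERID reply to our query
    userid: Optional[str]   # what the remote host asserts; not a verified identity
    opsys: Optional[str]
    reason: str

def build_query(remote_port: int, local_port: int) -> bytes:
    """Query for port 113 on the connecting host: '<its port> , <our port>'."""
    return f"{remote_port} , {local_port}\r\n".encode("ascii")

def parse_reply(raw: bytes, remote_port: int, local_port: int) -> IdentClaim:
    def reject(why: str) -> IdentClaim:
        return IdentClaim(False, None, None, why)
    if len(raw) > 1000 or not raw.endswith(b"\r\n"):
        return reject("oversized or unterminated reply")
    body = raw[:-2]
    # Assumption of this example: accept printable ASCII only, so a reply
    # cannot smuggle control characters into mail headers or log files.
    if not all(32 <= b < 127 for b in body):
        return reject("non-printable bytes in reply")
    parts = body.decode("ascii").split(":", 3)  # a user-id may itself contain ':'
    if len(parts) < 3:
        return reject("malformed reply")
    m = re.fullmatch(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", parts[0])
    if not m or (int(m[1]), int(m[2])) != (remote_port, local_port):
        return reject("port pair does not match our query")
    kind = parts[1].strip()
    if kind == "ERROR":
        err = ":".join(parts[2:]).strip()
        return reject(err if err in IDENT_ERRORS else "unrecognised error")
    if kind != "USERID" or len(parts) != 4 or not parts[3].strip():
        return reject("malformed reply")
    return IdentClaim(True, parts[3].strip(), parts[2].strip(), "claimed by remote host")

if __name__ == "__main__":
    # Constructed sample replies for an SMTP connection from remote port 40213.
    for sample in (b"40213 , 25 : USERID : UNIX : alice\r\n",
                   b"40213 , 25 : ERROR : HIDDEN-USER\r\n",
                   b"40999 , 25 : USERID : UNIX : root\r\n"):
        print(parse_reply(sample, 40213, 25))
```

A reply that passes these checks is well-formed, nothing more: whoever controls the remote host controls the answer, so the user-id is suitable for logging and correlation, not for authorization.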


