Bugtraq mailing list archives
Re: Validating email sender
From: trmatthe () comp brad ac uk (Squidge)
Date: Sun, 30 Jun 1996 18:37:10 +0100
On Sun, 30 Jun 1996, Brendan McKenna wrote:
what is the best way to ensure that the id in the From:, Sender:, or Reply-To: is actually the one that sent the message?
Gday. Use a sendmail or smtpd that uses auth (port 113). This allows you to be pretty certain of who connected to your machine to send the mail. Of course, it is trivial to send a fake response to an auth query if you have privileges on the foreign site. The data you get back is only as valid as you make it. Sounds like a good use for cryptography. Issue all the users with a secret key, and get them to encrypt their messages. Use some digital signature to ensure accountability, and you are sorted. I'd write some more, but my tea's ready. Squidge "don't mess" squidge - The Guild trmatthe () comp brad ac uk
Current thread:
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 28)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Brian Tao (Jun 29)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Andrew Liles (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Andrew Liles (Jun 30)
- Validating email sender Brendan McKenna (Jun 30)
- Re: Validating email sender Squidge (Jun 30)
- Re: Validating email sender Alan Brown (Jun 30)
- Re: Validating email sender Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Brian Tao (Jun 29)
- portmapper dangers der Mouse (Jun 30)
- Re: portmapper dangers Julian Assange (Jun 30)
- Re: portmapper dangers Casper Dik (Jun 30)
- <Possible follow-ups>
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability James Seng (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Michael Constant (Jun 30)