RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability

["Larry Seltzer" <larry () larryseltzer com>]

> > Within the SMTP header, when the From field contains multiple
comma-separated addresses, Outlook and OWA will only display the first
address.  

Why is this called a "spoofing vulnerability"? It's not like the From:
address in SMTP is reliable anyway.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer () ziffdavis com