Security Basics mailing list archives
Re: Sender Spoofing via SMTP
From: Florian Streck <streck () papafloh de>
Date: Fri, 4 Nov 2005 00:58:23 +0100
On Thu, Nov 03, 2005 at 03:56:23PM -0000, brandon.steili () gmail com wrote:
Hi List, I know this is a common issue that does not seem to be well addressed, but I was hoping you folks could give some suggestions. (preferably for Exchange 2003) If I telnet to a system on the internet and perform the following:
...
The server will happily forward my mail to the internal mailbox without validating anything. I did not have to authenticate, I did not even have to provide a real sender on the system, I could make one up. Again, I know this is a common issue, the question is how can I prevent this from happening?
Accept only digitaly signed mails (smime/pgp/...). Reject anything else.
With the proliferation of social engineers / phishers, etc I would like to try and find a way to prevent this, not because it is a big problem but because it might become a big problem.
Considering Spam it already is a problem. Florian
Attachment:
_bin
Description:
Current thread:
- Sender Spoofing via SMTP brandon . steili (Nov 03)
- RE: Sender Spoofing via SMTP Andrew Chong (Nov 04)
- Re: Sender Spoofing via SMTP Thierry Zoller (Nov 07)
- Re: Sender Spoofing via SMTP Ansgar -59cobalt- Wiechers (Nov 07)
- Re: Sender Spoofing via SMTP dallas jordan (Nov 04)
- Re: Sender Spoofing via SMTP FocusHacks (Nov 04)
- RE: Sender Spoofing via SMTP Muhammad Naseer Bhatti (Nov 04)
- Re: Sender Spoofing via SMTP Gaddis, Jeremy L. (Nov 04)
- Re: Sender Spoofing via SMTP Florian Streck (Nov 04)
- Re: Sender Spoofing via SMTP Barrie Dempster (Nov 04)
- Re: Sender Spoofing via SMTP Yousef Syed (Nov 07)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- <Possible follow-ups>
- Re: Sender Spoofing via SMTP jlopez2k5 (Nov 04)
- Re: Sender Spoofing via SMTP jalbuquerque (Nov 04)
- RE: Sender Spoofing via SMTP Tim Ballingall (Nov 04)
- RE: Sender Spoofing via SMTP Craig Wright (Nov 04)
- Re: Sender Spoofing via SMTP brandon . steili (Nov 04)
- Re: Sender Spoofing via SMTP Pranav Lal (Nov 07)
(Thread continues...)
- RE: Sender Spoofing via SMTP Andrew Chong (Nov 04)