Full Disclosure mailing list archives
From field spoofing and AV responses
From: "Johnson, April" <apjohnson () seattleschools org>
Date: Tue, 27 Jan 2004 11:06:34 -0800
Question for the group?

How hard would it be to have the AV software actually check the source email smtp host, and send an email to abuse () xyz com for the *actual* offending smtp server?

The from field is almost worthless at this point. But the header is more reliable. Yes, it *can* be spoofed, but it's significantly more difficult.

I'm nearly buried in false 'AV' responses - and worse, the users that get them are terrified because they think they've 'become infected'. I don't mind the user being wary, but the level of fear and anxiety over a false notice is becoming unworkable.

Just Curious,
-apjohnson (CISSP, CCNP, SCSA)
Network Operations - Security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
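The check asked about above, as an added example that is not part of the original post: walk the Received headers from the top, trust only the ones stamped by hosts you operate, and take the peer IP recorded by the last trusted hop as the real source instead of the From field. The hostnames, the trusted-host set, the function name and the Received layout (Sendmail/Postfix style) are assumptions made for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: From names an uninvolved domain; the Received line written
# by our own MX records the host that actually connected to us.
SAMPLE = """\
Received: from mail.internal.example (mail.internal.example [10.0.0.5])
\tby mbox.internal.example with ESMTP; Tue, 27 Jan 2004 11:00:03 -0800
Received: from pc-17 (dsl-203-0-113-45.isp.example [203.0.113.45])
\tby mx.ourorg.example with SMTP; Tue, 27 Jan 2004 11:00:01 -0800
Received: from victim.example ([192.0.2.99])
\tby pc-17 with SMTP; Tue, 27 Jan 2004 10:59:58 -0800
From: "Innocent User" <someone@victim.example>
Subject: test

body
"""

# Assumption: the "by" hostnames of mail servers we operate ourselves.
TRUSTED_BY = {"mbox.internal.example", "mx.ourorg.example"}

# Matches the common "from HELO (rdns [ip]) ... by HOST" layout; other MTAs
# format this line differently and would need their own pattern.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)

def true_source(raw, trusted_by):
    """Return (peer seen by our outermost server, domain claimed in From)."""
    msg = email.message_from_string(raw)
    source = None
    # Newest header first. Everything below the first header not written by
    # one of our hosts was supplied by the sender and may be forged.
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m or m.group("by").lower() not in trusted_by:
            break
        source = {"ip": m.group("ip"), "helo": m.group("helo"),
                  "rdns": m.group("rdns")}
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return source, from_domain

if __name__ == "__main__":
    src, claimed = true_source(SAMPLE, TRUSTED_BY)
    print("connecting host:", src["ip"], src["rdns"], "| From claims:", claimed)
```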
Current thread:
- From field spoofing and AV responses Johnson, April (Jan 27)
- Re: From field spoofing and AV responses Erik van Straten (Jan 27)
- Re: From field spoofing and AV responses Michael Renzmann (Jan 27)
- Re: From field spoofing and AV responses Nick FitzGerald (Jan 28)
- Re: From field spoofing and AV responses Erik van Straten (Jan 27)