Security Basics mailing list archives

Re: Sender Spoofing via SMTP


From: Florian Streck <streck () papafloh de>
Date: Fri, 4 Nov 2005 00:58:23 +0100

On Thu, Nov 03, 2005 at 03:56:23PM -0000, brandon.steili () gmail com wrote:
> Hi List,
>
> I know this is a common issue that does not seem to be well addressed, but I was hoping you folks could give some
> suggestions. (preferably for Exchange 2003)
> If I telnet to a system on the internet and perform the following:
> ...
> The server will happily forward my mail to the internal mailbox without validating anything. I did not have to
> authenticate, I did not even have to provide a real sender on the system, I could make one up. Again, I know this is
> a common issue, the question is how can I prevent this from happening?

Accept only digitally signed mails (smime/pgp/...). Reject anything else.

> With the proliferation of social engineers / phishers, etc. I would like to try and find a way to prevent this, not
> because it is a big problem but because it might become a big problem.

Considering spam, it already is a problem.

Florian
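
Added example, not part of the original message: a Python sketch of the policy suggested in the reply above. It checks only the MIME structure (multipart/signed per RFC 1847, or S/MIME signed-data) and returns the SMTP reply a hypothetical end-of-DATA hook would give; verifying the signature cryptographically is a separate step. The function names, reply texts and sample messages are constructed for illustration.

```python
from email import message_from_string

# Signature media types: S/MIME (RFC 8551) and OpenPGP/MIME (RFC 3156).
SIG_PROTOCOLS = {
    "application/pkcs7-signature": "smime",
    "application/x-pkcs7-signature": "smime",
    "application/pgp-signature": "pgp",
}

def signature_kind(msg):
    """Return 'smime' or 'pgp' if msg is structurally signed, else None."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        parts = msg.get_payload()
        # RFC 1847: exactly two parts, the second carrying the signature.
        if (proto in SIG_PROTOCOLS and isinstance(parts, list)
                and len(parts) == 2
                and parts[1].get_content_type() == proto):
            return SIG_PROTOCOLS[proto]
        return None
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # Opaque-signed S/MIME carries smime-type=signed-data.
        if str(msg.get_param("smime-type") or "").lower() == "signed-data":
            return "smime"
    return None

def smtp_verdict(raw):
    """Hypothetical end-of-DATA hook: SMTP reply line for a raw message."""
    kind = signature_kind(message_from_string(raw))
    if kind is None:
        return "550 5.7.1 Unsigned message rejected by policy"
    return "250 2.0.0 Queued for %s signature verification" % kind

# Constructed sample messages (placeholder signature, not real key material).
UNSIGNED = "From: ceo@example.com\nTo: staff@example.com\n\nplain body\n"
SIGNED = (
    "From: alice@example.com\nMIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pgp-signature";\n'
    ' micalg=pgp-sha256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nhello\n"
    "--b1\nContent-Type: application/pgp-signature\n\n(placeholder)\n--b1--\n"
)
# Claims to be signed but has no signature part.
FAKE = SIGNED.replace("--b1\nContent-Type: application/pgp-signature\n\n(placeholder)\n", "")

if __name__ == "__main__":
    for name, raw in (("unsigned", UNSIGNED), ("signed", SIGNED), ("fake", FAKE)):
        print(name, "->", smtp_verdict(raw))
```

A message that passes this gate has only the right shape; it still has to be verified against a trusted key or certificate before the sender identity means anything.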
