Security Basics mailing list archives

Re: Sender Spoofing via SMTP


From: Barrie Dempster <barrie () reboot-robot net>
Date: Fri, 04 Nov 2005 16:28:49 +0000

On Thu, 2005-11-03 at 15:56 +0000, brandon.steili () gmail com wrote:
> Hi List,
>
> I know this is a common issue that does not seem to be well addressed,

The issue is well addressed; we all know it's there, we all know how it
can be fixed and we all know it sucks. You can't rip out SMTP in one go,
so you have to work around it, which is where things like SPF, digital
signing etc. come in.

SMTP as it stands is a broken, insecure, untrustworthy protocol. It works
just like the snail mail system: anyone can send you mail and pretend to
be someone else if they like; you have to implement some sort of
verification outwith that protocol. With letters we go with signatures;
with email I'd be inclined to do the same. This is where PKI-based
signing and encryption comes in, and in my opinion it is the easiest,
cheapest, most widely supported technology for this sort of
communication.

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3
