Security Basics mailing list archives
Re: Sender Spoofing via SMTP
From: Barrie Dempster <barrie () reboot-robot net>
Date: Fri, 04 Nov 2005 16:28:49 +0000
On Thu, 2005-11-03 at 15:56 +0000, brandon.steili () gmail com wrote:
Hi List, I know this is a common issue that does not seem to be well addressed,
The issue is well addressed, we all know it's there we all know how it can be fixed and we all know it sucks. You can't rip out SMTP in one go so you have to work around it, which is where things like SPF, digital signing etc.. come in. SMTP as it stands is a broken insecure untrustworthy protocol. It works just like the snail mail system, anyone can send you mail and pretend to be someone else if they like, you have to implement some sort of verification outwith that protocol - with letters we go with signatures with email I'd be inclined to do the same, this is where PKI based signing and encryption comes in and in my opinion is the easiest, cheapest most widely supported technology for this sort of communication. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
Attachment:
smime.p7s
Description:
Current thread:
- Sender Spoofing via SMTP brandon . steili (Nov 03)
- RE: Sender Spoofing via SMTP Andrew Chong (Nov 04)
- Re: Sender Spoofing via SMTP Thierry Zoller (Nov 07)
- Re: Sender Spoofing via SMTP Ansgar -59cobalt- Wiechers (Nov 07)
- Re: Sender Spoofing via SMTP dallas jordan (Nov 04)
- Re: Sender Spoofing via SMTP FocusHacks (Nov 04)
- RE: Sender Spoofing via SMTP Muhammad Naseer Bhatti (Nov 04)
- Re: Sender Spoofing via SMTP Gaddis, Jeremy L. (Nov 04)
- Re: Sender Spoofing via SMTP Florian Streck (Nov 04)
- Re: Sender Spoofing via SMTP Barrie Dempster (Nov 04)
- Re: Sender Spoofing via SMTP Yousef Syed (Nov 07)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- <Possible follow-ups>
- Re: Sender Spoofing via SMTP jlopez2k5 (Nov 04)
- Re: Sender Spoofing via SMTP jalbuquerque (Nov 04)
- RE: Sender Spoofing via SMTP Tim Ballingall (Nov 04)
- RE: Sender Spoofing via SMTP Craig Wright (Nov 04)
- Re: Sender Spoofing via SMTP brandon . steili (Nov 04)
- Re: Sender Spoofing via SMTP Pranav Lal (Nov 07)
- Re: Sender Spoofing via SMTP Ansgar -59cobalt- Wiechers (Nov 07)
- Re: Sender Spoofing via SMTP Pranav Lal (Nov 07)
(Thread continues...)
- RE: Sender Spoofing via SMTP Andrew Chong (Nov 04)