PaulDotCom mailing list archives
Spoofing emails
From: natron at invisibledenizen.org (natron)
Date: Sun, 17 May 2009 10:09:36 -0500
On Fri, May 15, 2009 at 8:25 PM, John Miller <johnemiller at gmail.com> wrote:
an attacker. Requiring all incoming messages with an internal FROM address to perform some sort of authentication can help to mitigate this threat.
This works to keep MAIL FROM: addresses from being spoofed to appear to come from internal users, but what about the scenario where the FROM: address in the DATA section does not match the MAIL FROM: address used in delivery? I'm not an email administrator; what are the configuration options in Exchange / Postfix / etc that allow you to force them to match? E.g.:

$ telnet mail.somedomain.com 25
Trying 1.2.3.4...
Connected to mail.somedomain.com
Escape character is '^]'.
220 ****************************************************************************************************************************************************************
HELO zyx
250 Blahblahblah says hello back
MAIL FROM: some-email-address at someplace-else.com
250 Ok
RCPT TO: victimuser at somedomain.com
250 Ok
DATA
354 Feed me
From: "IT Department" <it-dept at somdomain.com>
To: "All personnel"
Subject: Patch Installation - Action Required
...

In the above example, the MAIL FROM: is "some-email-address at someplace-else.com" but the From: address within the DATA section is "IT Department" <it-dept at somdomain.com>. Outlook 2003 and 2007 both display the From: field given by the DATA section, not the MAIL FROM: field used to deliver the message. You only see the actual sender if you view the headers sent along with the email.

What's the best solution in this case?

N
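
The mismatch described in the message above, as an added example that is not part of the original post and not a built-in Exchange or Postfix option: a Python check that a content filter could apply, comparing the envelope MAIL FROM with the From: header inside DATA. The names `INTERNAL_DOMAINS`, `domain_of`, `check_sender` and the sample message (with "@" restored and the internal domain written as somedomain.com) are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains this mail server is authoritative for.
INTERNAL_DOMAINS = {"somedomain.com"}

# Constructed sample modelled on the DATA section shown in the message.
SAMPLE = (
    'From: "IT Department" <it-dept@somedomain.com>\r\n'
    'To: "All personnel"\r\n'
    "Subject: Patch Installation - Action Required\r\n"
    "\r\n"
    "...\r\n"
)


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_sender(envelope_from, raw_message, authenticated=False):
    """Compare the SMTP envelope sender with the From: header.

    Returns (verdict, reason); verdict is 'accept', 'flag' or 'reject'.
    """
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # More than one From: header lets the client and the filter disagree
    # about which one is displayed, so treat it as malformed.
    if len(from_headers) != 1:
        return "reject", "message must carry exactly one From: header"
    header_domain = domain_of(from_headers[0])
    envelope_domain = domain_of(envelope_from)
    if not header_domain:
        return "reject", "From: header has no parsable address"
    # The header the mail client displays claims an internal sender, but
    # the session never authenticated: the case raised in the message.
    if header_domain in INTERNAL_DOMAINS and not authenticated:
        return "reject", "internal From: domain on an unauthenticated session"
    # Mailing lists and bulk senders legitimately differ here, so a plain
    # mismatch between external domains is flagged rather than rejected.
    if header_domain != envelope_domain:
        return "flag", "From: domain differs from envelope MAIL FROM domain"
    return "accept", "From: and MAIL FROM domains agree"
```

The check matches domains exactly, so a look-alike domain in the From: header falls through to the mismatch branch and is only flagged.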