| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: esper at sherohman.org (Dave Sherohman) Subject: E-mail spoofing countermeasures (Was: Backdoor not recognized by Kaspersky) On Wed, Mar 03, 2004 at 04:45:57PM -0500, Lachniet, Mark wrote: > Of course on the down side, you'd have to use your email server, with > legit MX record as your smart host for all users (may be a hassle for > home offices and POP clients, maybe requiring outgoing SMTP auth, but > that's easy right?) Let us say that I have two email accounts with two different service providers who use two different mail servers. (Home/work, IM/webboards, whatever.) Let us also say that I read mail from both accounts using a single MUA in a single session, possibly providing me with a unified 'virtual inbox', possibly not. Finally, let us say that responses to messages addressed to Address_A should appear to come from Address_A and responses to messages addressed to Address_B should appear to come from Address_B. (Similar to the 'alternates' feature of mutt, if you're familiar with that.) All in all, I would say this seems like a very reasonable situation. Considering that Yahoo!'s web mail interface includes the ability to check mail on other services via POP3, I suspect that it may even be rather common. It is also utterly incompatible with your 'SMTP ident' suggestion unless MUAs (and probably MTAs as well) are modified to select from among multiple smarthosts and/or command-line sendmail based on what address the message being sent claims to come from. Your suggestion could also be easily defeated by the mega-spammers (you know - the ones with enough money to con an ISP into letting them spam without cutting them off) setting up servers with MTAs which have been modified to claim that they recognize any message-id from any domain. Just set up bogus MX records pointing at such a server, and spam (or propagate Outlook worms) to your heart's content from anywhere you want! -- The freedoms that we enjoy presently are the most important victories of the White Hats over the past several millennia, and it is vitally important that we don't give them up now, only because we are frightened. - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)
Powered by blists - more mailing lists