lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <33F052C3EB99AD4987E0D0E2AFB6CFE10710A3A9@snocex02.seattleschools.org> From: apjohnson at seattleschools.org (Johnson, April) Subject: From field spoofing and AV responses Question for the group? How hard would it be to have the AV software actually check the source email smtp host, and send an email to abuse@....com for the *actual* offending smtp server? The from field is almost worthless at this point. But the header is more reliable. Yes, it *can* be spoofed, but it's significantly more difficult. I'm nearly buried in false 'AV' responses - and worse, the users that get them are terrified because they think they've 'become infected'. I don't mind the user being wary, but the level of fear and anxiety over a false notice is becoming unworkable. Just Curious, -apjohnson (CISSP, CCNP, SCSA) Network Operations - Security
Powered by blists - more mailing lists