Open Source and information security mailing list archives
 
Message-ID: <20040304012908.GE30117@sherohman.org>
From: esper at sherohman.org (Dave Sherohman)
Subject: E-mail spoofing countermeasures (Was: Backdoor not recognized by Kaspersky)

On Wed, Mar 03, 2004 at 04:45:57PM -0500, Lachniet, Mark wrote:
> Of course on the down side, you'd have to use your email server, with
> legit MX record as your smart host for all users (may be a hassle for
> home offices and POP clients, maybe requiring outgoing SMTP auth, but
> that's easy right?)

Let us say that I have two email accounts with two different service
providers who use two different mail servers.  (Home/work,
IM/webboards, whatever.)  Let us also say that I read mail from both
accounts using a single MUA in a single session, possibly providing
me with a unified 'virtual inbox', possibly not.  Finally, let us say
that responses to messages addressed to Address_A should appear to
come from Address_A and responses to messages addressed to Address_B
should appear to come from Address_B.  (Similar to the 'alternates'
feature of mutt, if you're familiar with that.)

All in all, I would say this seems like a very reasonable situation.
Considering that Yahoo!'s web mail interface includes the ability to
check mail on other services via POP3, I suspect that it may even be
rather common.

It is also utterly incompatible with your 'SMTP ident' suggestion
unless MUAs (and probably MTAs as well) are modified to select from
among multiple smarthosts and/or command-line sendmail based on what
address the message being sent claims to come from.

Your suggestion could also be easily defeated by the mega-spammers
(you know - the ones with enough money to con an ISP into letting
them spam without cutting them off) setting up servers with MTAs
which have been modified to claim that they recognize any
message-id from any domain.  Just set up bogus MX records pointing at
such a server, and spam (or propagate Outlook worms) to your heart's
content from anywhere you want!

-- 
The freedoms that we enjoy presently are the most important victories of the
White Hats over the past several millennia, and it is vitally important that
we don't give them up now, only because we are frightened.
  - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)

