Mailing List Archive

Mailing List: techdiver

Banner Advert

Message Display

Date: Thu, 04 Jan 1996 22:11:35 -0500
From: Andy Schmidt <73467.2574@co*.co*>
Organization: H&M Systems Software, Inc.
To: techdiver@terra.net
Subject: Re: Bogus post my ass.. (Was Re: Bogus "join..forum" Mes.)
Ken Sallot wrote:

> > From: Joel Markwell {ATL} <73700.2054@co*.co*>
> > Message-ID: <960104061519_73700.2054_FHR56-1@Co*.CO*>

> > Message-Id: <199601040301.WAA10078@du*.co*.co*>
> > From: Joel Markwell {ATL} <73700.2054@co*.co*> 
> And look at the "received from" line again. Look, it's comming from
> compuserve as well! 
> I really do not think we have a problem with someone faking a post
> here. All of the fake posts have been easily traceable to a domain by
> the headers.

Ken, it is a known "feature" of the internet SMTP (Simple Mail Transfer
Protocol) that most 
mail servers will accept outgoing mail from ANY mail client. As long as the
message is 
properly formatted, the mail server will take it and send it on it's way. The
person with 
the mail client (e.g. a PC with any of the popular mailers or web browsers) can
set ANYTHING 
they want in the "from:" field.

Even worse, most mail servers (such as mail.compuserve.com) will accept ANY
outbound mail 
from ANYONE. This message that I'm typing RIGHT NOW is being written while I am
dialed into 
my regular Internet provider - but I have set up my mail software to route all
OUTBOUND mail 
to mail.compuserve.com. The CompuServe outbound mail server (like most others)
will NOT 
require a user id or logon or password so virtually EVERYONE can send
"CompuServe" 
orginating messages with ANYTHING they want in the UserId. In essence, this
message right 
now is a "fake" - my IP is currently on the NIS.NET subnet - but I'm posting it
through 
MAIL.COMPUSERVE.COM. Except I'm faking the from: field to my show my very own
CompuServe 
ID...

That is a know security issue on the Internet. Not just is the CONTENT of you
mail subject 
to hacking, but more importantly, in many cases there is NO way to
"authenticate" the send 
of a message. That's why conducting business on the Internet has been attempted
carefully - 
one could order $100,000 worth of goods in SOMEONE ELSES name.

I hope my message will help you to look at the matter of fake mails with
different eyes.

Best Regards
Andy Schmidt [NJ]

http://OurWorld.CompuServe.com/Homepages/Andy_Schmidt/
AOL: ASchmidt1 * GENIE: A.Schmidt1 * MSN: Andy_Schmidt

Navigate by Author: [Previous] [Next] [Author Search Index]
Navigate by Subject: [Previous] [Next] [Subject Search Index]

[Send Reply] [Send Message with New Topic]

[Search Selection] [Mailing List Home] [Home]