[1149] in WWW Security List Archive
Re: mail port
daemon@ATHENA.MIT.EDU (James Fidell)
Thu Nov 9 12:12:52 1995
From: James Fidell <james@oit.co.uk>
To: rfjimen@tesuque.cs.sandia.gov (Ross F. Jimenez)
Date: Thu, 9 Nov 1995 13:48:30 +0000 (GMT)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.SUN.3.91.951108221322.16290B-100000@tesuque.cs.sandia.gov> from "Ross F. Jimenez" at Nov 8, 95 10:17:51 pm
Errors-To: owner-www-security@ns2.rutgers.edu
> I have a question... you can telnet to a mail port (25) and send mail
> from it,,to any person, and put it's from anybody you want, are you not
> suppose to do this,
I don't know about not being supposed to do it -- it's the way SMTP works,
after all.
> , or can anybody do this,
Yes, anyone can do it.
> can the mail be tracked ??
Yes, it *can* be tracked, after a fashion, though whether many people
*bother* to track it is a different question.
> It would seem like a big security flaw if you could send false mail so
> easily... ???
I'm not quite sure I agree that it's a *security* flaw.
James.
--
"Yield to temptation -- | Work: james@OiT.co.uk
it may not pass your way again" | Play: james@hermione.demon.co.uk
| http://www.OiT.co.uk/~james/
- Lazarus Long | James Fidell
