[1155] in WWW Security List Archive
Re: mail port
daemon@ATHENA.MIT.EDU (John Pettitt)
Thu Nov 9 15:24:19 1995
Date: Thu, 9 Nov 1995 08:50:06 +0000
From: John Pettitt <jpp@software.net>
To: "Ross F. Jimenez" <rfjimen@tesuque.cs.sandia.gov>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.SUN.3.91.951108221322.16290B-100000@tesuque.cs.sandia.gov>
Errors-To: owner-www-security@ns2.rutgers.edu
On Wed, 8 Nov 1995, Ross F. Jimenez wrote:
> I have a question... you can telnet to a mail port (25) and send mail
> from it,,to any person, and put it's from anybody you want, are you not
> suppose to do this,, or can anybody do this, can the mail be tracked ??
> It would seem like a big security flaw if you could send false mail so
> easily... ???
> Curious,
yes, maybe, yes, no if you are good, yes.
so what? SMTP is not authenticated and never has been.
OB www issue - has anybody else noticed that the latest microsoft
internet explorer beta has a Clinet: header that starts Mozilla/1.22?
John Pettitt jpp@software.net
VP Engineering, CyberSource Corp. +1 415 473 3065 (V) (fax 3066)
