[2845] in bugtraq
Validating email sender
daemon@ATHENA.MIT.EDU (Brendan McKenna)
Sun Jun 30 13:29:06 1996
Date: Sun, 30 Jun 1996 12:38:43 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Brendan McKenna <hsdc1l@rhein-neckar.netsurf.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Hi,
I hope this question is appropriate to this group, but our customers
have asked me to develop an interface to one of their applications that uses
email messages to perform certain functions. As a part of this, I have to
ensure that the sender of the email is authorized to carry out the action that
is contained in the message. My question is, given the ease with which
someone can forge email by telnet'ing to port 25, for example, what is the best
way to ensure that the id in the From:, Sender:, or Reply-To: is actually the
one that sent the message?
Any help would be greatly appreciated!
Thanks,
Brendan
