[2852] in bugtraq
Re: Validating email sender
daemon@ATHENA.MIT.EDU (Alan Brown)
Sun Jun 30 16:09:34 1996
Date: Mon, 1 Jul 1996 06:29:37 +1200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Alan Brown <alan@manawatu.planet.org.nz>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.SOL.3.91.960630182904.27411A-100000@dcsun4.comp.brad.ac.uk>
On Sun, 30 Jun 1996, Squidge wrote:
> Of course, it is trivial to send a fake response to an auth query if you
> have privileges on the foreign site. The data you get back is only as
> valid as you make it.
And unfortunately there are a plethora of "fake" identds for Windows
machines.
It makes for interesting reading to see what the user@ of a ppp
connected PC is as it submits mail. Thankfully we use static IP so we
know who's sending what without having to resort to combing the logs.
AB
