*envelope sender*

Thomas




From:    Charles Marcus <cmar...@media-brokers.com>
To:      assp-test@lists.sourceforge.net
Date:    24.05.2010 13:24
Subject: Re: [Assp-test] Email interface - admin email security question



On 2010-05-24 12:33 AM, Thomas Eckardt wrote:
>> *...@*=>thatu...@ourdomin.org=>10 <*...@*=%3ethatuser@ourdomin.org=%3E10>

> This syntax is only allowed to admins.

>> What's to stop a clever local user from sending an email using an admin
>> address and removing all blacklist entries.

> Nothing else than your company's rules that it is not allowed to
> users to change their email address.

The better question is... when evaluating these requests, does ASSP
consider the 'From' *header*, or the *envelope sender*?

Anything other than the envelope sender is easily spoofed and should
never be used for administrative tasks like this.

-- 

Best regards,

Charles

------------------------------------------------------------------------------

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
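
The distinction asked about in this thread, as an added example that is not part of the original messages and is not ASSP code: the envelope sender comes from the SMTP `MAIL FROM` command, while the `From` header is just a line inside the message data, so the two can name different addresses. The addresses, the admin list and the session below are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADMINS = {"admin@example.org"}  # hypothetical admin list, not ASSP configuration

# Constructed client side of an SMTP session: the header claims the admin address.
SESSION = """\
MAIL FROM:<user@example.org>
RCPT TO:<interface@example.org>
DATA
From: Admin <admin@example.org>
To: interface@example.org
Subject: admin request

(admin-only command line goes here)
.
"""

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

def split_session(session):
    """Return (envelope_sender, raw_message) from the client's SMTP lines."""
    envelope, body, in_data = None, [], False
    for line in session.splitlines():
        if in_data:
            if line == ".":          # end of DATA
                break
            body.append(line[1:] if line.startswith(".") else line)  # undo dot-stuffing
        elif line.upper() == "DATA":
            in_data = True
        elif (m := MAIL_FROM.match(line)):
            envelope = m.group(1).lower()
    return envelope, "\n".join(body) + "\n"

def evaluate(session, admins=ADMINS):
    """Compare the admin decision keyed on header From with one keyed on the envelope."""
    envelope, raw = split_session(session)
    header = parseaddr(message_from_string(raw)["From"] or "")[1].lower()
    return {
        "envelope_sender": envelope,
        "header_from": header,
        "admin_by_header": header in admins,
        "admin_by_envelope": envelope in admins,
        "mismatch": envelope != header,
    }

if __name__ == "__main__":
    print(evaluate(SESSION))
```
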