I'd argue that RFC2821 and RFC2822 do not leave a lot to be desired. They are extremely flexible and robust protocols which when combined with other contingent internetworking protocols provide a simple and easy to use communications mechanism which has been around for over 20 years.
Sure, some might argue that Sender-ID or SPF attempt to address a critical flaw in the SMTP implementation. But since spammers are huge fans of creating SPF and Sender-ID records, one has to wonder at their effectiveness in addressing said flaw. I believe Dean has sufficiently described how such a spoof can be achieved. I'll slap him with a wet mackerel at some point for skipping straight to the answer.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Eric Fretz
> Posted At: Wednesday, June 01, 2005 4:46 PM
> Posted To: swynk
> Conversation: Spoofing the exchange discussions list server
> Subject: RE: Spoofing the exchange discussions list server
>
>
> The spoofed messages came from intm-dl.sparklist.com
> [64.62.197.83], which is the legit list server. While I
> agree that SMTP (RFC2821) and Message Format (RFC2822) both
> leave a lot to be desired, this does not appear to be a
> simple SMTP header spoof. I even went back and scoured my
> firewall logs to see what MX was connected to my MX at the
> time the message was sent. The message did actually come
> from the Exchange Discussions list server.
> <insert twilight zone music here>
>
> Eric
>
> -----Original Message-----
> From: Chris Scharff [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 01, 2005 3:06 PM
> To: Exchange Discussions
> Subject: RE: Spoofing the exchange discussions list server
>
>
> They read RFC2821 and RFC2822?
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On
> > Behalf Of Eric Fretz
> > Posted At: Wednesday, June 01, 2005 2:49 PM
> > Posted To: swynk
> > Conversation: Spoofing the exchange discussions list server
> > Subject: Spoofing the exchange discussions list server
> >
> >
> > Has anyone figured out how the perp spoofed e-mail messages
> > to the list and impersonated Ed Crowley and others? I've got
> > some mail enhancement products (The pun was intended) and low
> > mortgage rates I'd like to offer the list.
> >
> > Seriously, has anyone figured out how it happened?
> >
> > --Eric
> >
> > Eric Fretz
> > Network Administrator
> > L3 Communications / ComCept Division
> > O: 972.772.7505 x5260
> > F: 972.772.7510
> > C: 214.794.9288
> > [EMAIL PROTECTED]
> >
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> To subscribe: http://e-newsletters.internet.com/discussionlists.html/
> To unsubscribe send a blank email to
> [EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
> To unsubscribe via postal mail, please contact us at:
> Jupitermedia Corp.
> Attn: Discussion List Management
> 475 Park Avenue South
> New York, NY 10016
>
> Please include the email address which you have been contacted with.
