The XMITIP Anti-Spoof block provides zero protection - just awareness of who the original sender is. It just uses the SMTP/CSSMTP server so anyone can bypass XMITIP once they know the correct message format.
Is it perfect - no. Does it work - yes. Is it useful within a company - yes. And the price is right 😊 Lionel B. Dyck <sdg>< Website: https://www.lbdsoftware.com "Worry more about your character than your reputation. Character is what you are, reputation merely what others think you are." - John Wooden -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Paul Gilmartin Sent: Thursday, February 18, 2021 11:49 AM To: [email protected] Subject: Re: XMITIP and ANTI SPOOF message On Thu, 18 Feb 2021 11:16:41 -0600, Lionel B Dyck wrote: >XMITIP does not provide a digital signature and does not utilize a CA. The >antispoof is a block of text with the senders userid/date/time jobname, jobid, >system name, node name, and user name that is added by XMITIP when sending any >email. > What anti-spoof protection does this provide? Might a (fe)malefactor send a message directly via CSSMTP with a counterfeit anti-spoof block? Does CSSMTP add X-headers containing similar information? Is there a tool to verify the anti-spoof block? Is that widely used? Does anyone use XMITIP to post to IBM-MAIN? Thanks, gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
