Nadav Har'El wrote:
> On Wed, Feb 17, 2010, Geoff Shang wrote about "Request for help with mail
> spoofing":
>> Given that I have this script which I am willing to send on, my questions
>> are:
>> 1. What exactly is being done?
> You didn't attach the script, but basically "forging" mail on the Internet
> is trivial.
> Here it is. Open your mail agent (say, thunderbird), go to the account
> configuration, change the "my name" and "my email" settings, send the
> mail. No scripting necessary.
> The key point to understand is that SMTP, the "simple mail transfer protocol",
> has absolutely no authentication mechanism for the "From" address. If I send
> mail from n...@math.technion.ac.il, my host simply writes the line
>     MAIL FROM: <n...@math.technion.ac.il>
> as part of the SMTP session with the receiving mail server. It could have
> just as easily written presid...@whitehouse.gov.
Just to make things worse, what you just specified is the "envelope
sender" - what the mail servers will use in order to bounce the message.
Most servers will discard this information the moment the mail gets
successfully delivered.
The sender's address and name, as they appear in mail user agents, are
actually taken from the message's BODY - even easier to spoof than that.
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
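
The thread distinguishes the envelope sender given in MAIL FROM from the sender a mail client displays. As an added example (not code from the thread or its participants), the Python sketch below compares the two on a received message; it assumes the delivering server recorded the envelope sender in a Return-Path header, and the function names, finding labels and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message):
    """Compare the recorded envelope sender with the displayed From header."""
    msg = message_from_string(raw_message)
    envelope = domain_of(msg.get("Return-Path"))
    header = domain_of(msg.get("From"))
    findings = []
    # Clients differ on which From they show when there are several.
    if len(msg.get_all("From", [])) != 1:
        findings.append("missing-or-multiple-from")
    if not envelope:
        findings.append("no-envelope-sender-recorded")
    elif (envelope != header
          and not header.endswith("." + envelope)
          and not envelope.endswith("." + header)):
        # Neither domain equals nor is a subdomain of the other.
        findings.append("envelope-header-mismatch")
    # A display name that itself looks like an address at another domain.
    display, _ = parseaddr(msg.get("From", ""))
    if "@" in display and domain_of(display) != header:
        findings.append("display-name-contains-other-address")
    return {"envelope": envelope, "header": header, "findings": findings}

# Constructed sample messages (reserved .example domains).
ALIGNED = ("Return-Path: <alice@corp.example>\n"
           "From: Alice <alice@corp.example>\n"
           "Subject: status\n\nhello\n")
SUBDOMAIN = ("Return-Path: <bounce@mail.corp.example>\n"
             "From: Alice <alice@corp.example>\n\nhello\n")
MISMATCH = ("Return-Path: <x@bulk.example>\n"
            'From: "alice@corp.example" <alice@other.example>\n\nhello\n')

if __name__ == "__main__":
    for name, raw in (("aligned", ALIGNED), ("subdomain", SUBDOMAIN),
                      ("mismatch", MISMATCH)):
        print(name, check_sender(raw))
```

A mismatch is a signal for review, not proof of forgery: mailing lists legitimately send with their own envelope sender while keeping the author's From header.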