Well ... I have found one flaw ... and have been playing with it for quite a long time now ...
and the working of it goes like this ....

In one line: the Yahoo POP mail server can maintain a session for the SMTP servers, so the SMTP servers can relay the mail without authentication (sounds weird, but it does).

But how: once a client authenticates with some mail client (like Outlook Express) to the POP servers (by fetching mails), the SMTP servers do not ask for any authentication when sending any mail. No user name or password at all. But when you try without authentication it will prompt for a username and password ..

On top of that, after authenticating to the POP mail servers, if I send a mail from their SMTP server with telnet with simple commands like

    helo whatever
    mail from:<...>
    rcpt to:<[EMAIL PROTECTED]>    // yahoo id only
    data
    ...
    .

the "from" field is simply neglected and set to NULL; rather, the "reply-to" path is instead set with the from field ...

Opening such mails in Yahoo would simply give you a header+mail like

___________________________________________________________
X-Apparently-To: [EMAIL PROTECTED] via web9007.mail.yahoo.com; 29 Nov 2001 06:56:18 -0800 (PST)
Received: from smtp016.mail.yahoo.com (216.136.174.113) by mta581.mail.yahoo.com with SMTP; 29 Nov 2001 06:56:18 -0800 (PST)
Received: from unknown (HELO rohit) (xxx.xxx.xxx.xxx) by smtp.mail.vip.sc5.yahoo.com with SMTP; 29 Nov 2001 14:56:11 -0000

testing 29-11
__________________________________________________

unedited other than my IP is changed ...

So if you have a Yahoo mail ID then you have no way of determining my/the sender's actual source domain ... other than my IP (which can keep on changing, and there is no way to track me in case I have a dial-up account).
...it's just like if I am sending it from my own Linux box where relaying is enabled with sendmail.

Effects: when you click on reply to such mail in Yahoo / Hotmail accounts, the To field is simply empty, so one has no way to send back even if it is a fake account. In Hotmail at least the reply path shows the origination (only when you read the headers), but a guy who is a novice and does not know about the headers has no way of determining the user@domain.

Now you can not expect spamming from Yahoo's branded servers this way.

regards
Rohit Sharma
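
An added example, not part of the original post: a header check a recipient or abuse desk could run over the message quoted above to see what it does and does not reveal about the sender. The masked client IP is replaced with a constructed documentation address (192.0.2.10), the recipient with a placeholder, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Headers as quoted in the post. The masked client IP is replaced by a
# constructed documentation address and the recipient by a placeholder.
SAMPLE = """\
X-Apparently-To: user@example.invalid via web9007.mail.yahoo.com; 29 Nov 2001 06:56:18 -0800 (PST)
Received: from smtp016.mail.yahoo.com (216.136.174.113) by mta581.mail.yahoo.com with SMTP; 29 Nov 2001 06:56:18 -0800 (PST)
Received: from unknown (HELO rohit) (192.0.2.10) by smtp.mail.vip.sc5.yahoo.com with SMTP; 29 Nov 2001 14:56:11 -0000

testing 29-11
"""

# Matches the Received format seen in the sample: optional "(HELO name)",
# then the connecting IP in parentheses, then the accepting server.
HOP = re.compile(
    r"from\s+(?P<name>\S+)\s+(?:\(HELO\s+(?P<helo>[^)]+)\)\s+)?"
    r"\((?P<ip>[^)]+)\)\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return Received hops oldest-first as dicts (name, helo, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def summarize(raw):
    """Collect what a recipient can actually learn about the sender."""
    msg = message_from_string(raw)
    hops = parse_hops(raw)
    first = hops[0] if hops else {}
    return {
        "from": msg.get("From"),
        "reply_to": msg.get("Reply-To"),
        "client_ip": first.get("ip"),
        "client_helo": first.get("helo"),
        "accepted_by": first.get("by"),
        "sender_identified": bool(msg.get("From") or msg.get("Reply-To")),
    }

if __name__ == "__main__":
    for key, val in summarize(SAMPLE).items():
        print(f"{key}: {val}")
```

The HELO name is whatever the client chose to send, so only the IP recorded by the accepting server is usable for an abuse report.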
