On Tue, Dec 05, 2017 at 05:35:45PM -0800, Ian Zimmerman wrote: > > The attack uncovers bugs in how more than a dozen programs implement > > email's creaky protocol. Read the full story > > With such a tendentious title, I'm not sure I should take anything in > the article seriously. SMTP is a cleaner and more foolproof protocol > (when correctly implemented) than most that came after it.
Also, it almost makes it sound as if it's able to spoof the actual headers (i.e., the Received lines). In reality, it targets bugs in rendering the >From line. I would say that it does create an email that would fool most people... I tried a couple of the more generic test attacks against Mutt and (as expected), they didn't seem to fool it. I didn't try all 14 though. w
