On Oct 7, 2008, at 07:21 , Barbara Duprey wrote:
My outbound SMTP server sent the message, and James saw it as coming from himself. Note -- I can't guarantee that this would always work, because I *sometimes* have gotten a password request when attempting to send mail. It doesn't happen often enough for me to know what triggers that; the silent acceptance seems far more frequent. Nor am I entirely sure if it would accept the password of my account on the SMTP server's domain, or really needs the password of the "From" account. Since I don't know how to recreate the situation, I can't really test this.
Wouldn't this depend upon the configuration of the receiving server? Many of the larger ISPs have gone to requiring password authorization in an effort to stem the flood of spam with forged from addresses, i.e. exactly what we are talking about here. So this tactic should be marked with an asterisk, in that it might work - depending upon who is hosting the victim...
-- Using a rusty Amiga 4000T, a shiny PowerMac G5, & a homebuilt Ubuntu box On average, people fear spiders more than they do death. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
