Submission for mod-protocols-tcp-ip


Netnews Admin (news@clyde.att.com)
28 Sep 86 18:48:57 GMT


Path: clyde!cbatt!cbosgd!mark
From: mark@cbosgd.ATT.COM (Mark Horton)
Newsgroups: mod.protocols.tcp-ip
Subject: Re: SMTP, 2600, and the security of mail
Message-ID: <2629@cbosgd.ATT.COM>
Date: 28 Sep 86 15:54:40 GMT
References: <8609280151.AA12210@ucbvax.Berkeley.EDU>
Organization: AT&T Bell Laboratories, Columbus, Oh
Lines: 13
Summary: False SMTP mail is easy to generate, but so is false paper mail

AUERBACH@CSL.SRI.COM (Karl Auerbach) writes:
> A while back I saw a copy of a newsletter titled "2600" which included
> source code demonstrating how one could pretend to be an SMTP engine and
> inject false mail into a host. Although the code had a few flaws, its
> general structure looked plausable (and short -- about 25 lines of C).

Sure it is. But that's not surprising. I can easily generate false
paper mail with a phony return address, and dump it into a paper
mailbox, too.

Nobody ever said EMail was hard to forge.

        Mark



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:36:36 GMT