Craig F. Everhart (firstname.lastname@example.org)
Wed, 9 Nov 88 12:39:28 -0500 (EST)
Your plan assumes at least two things:
(a) that spoofers don't have access to privileged accounts on *any*
machine that might send mail, and
(b) that people maintaining SMTP/TCP mailers would eventually change
their SMTP senders to send from ``privileged'' ports.
Neither of these is particularly true. But most compromising is the effect
you'd get if (b) were true, the convention became widespread, and yet (a) were
false: all random spoofers would need is to be a sysadmin on some dinky
workstation, and all the ``protection'' you thought you had would vanish.
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT