Re: Mail spoofing

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Nancy Macke: "Purchase advice"
• Previous message: Trish Ferguson: "Wingate software to connect LANs with one modem"
• Maybe in reply to: Brenda Fayerman: "Mail spoofing"
• Next in thread: Alice Smithson: "Re: Mail spoofing"

In general, no, you can't prevent it with the kind of setup you're
describing. SMTP is so open and forgiving that it is totally easy to spoof
it. I have sent bogus mail to myself as part of presentations on this very
topic. The one that received the best response was from
ollie_north@whitehouse.gov making his acceptance as "president for life".
Applications like Eudora, in trying to be easy to set up and configure,
make it trivial to switch the sender's name to just about anything you
want, and choose any unsecured SMTP server to forward the mail. You could
set up a server with authentication, but your more knowledgeable students
would then just set Eudora to use another SMTP server to send the spoofed
mail. The only fairly secure way to set this us is to use a validated,
authenticated email system (and that pretty much leaves out SMTP... *heh*).

--
Bruce Carter, Instructional Software Designer     (208)385-1851@voice
Boise State University, Boise, ID  83725          (208)385-1856@fax
http://mentor.idbsu.edu/BruceCarter/home.html     bcarter@mentor.idbsu.edu

• Next message: Nancy Macke: "Purchase advice"
• Previous message: Trish Ferguson: "Wingate software to connect LANs with one modem"
• Maybe in reply to: Brenda Fayerman: "Mail spoofing"
• Next in thread: Alice Smithson: "Re: Mail spoofing"