[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vps-mail] How to block missuse of local msessage id

Subject: Re: [vps-mail] How to block missuse of local msessage id
From: Scott Wiersdorf <scott@xxxxxxxxxxxx>
Date: Mon, 22 Dec 2003 10:13:25 -0700

On Mon, Dec 22, 2003 at 11:45:24AM +0100, Martin Fischer wrote:
> msgid=<200312220812.hBM8CV1B041650@xxxxxxxxxxxxxxxxxxxxxx>
> 
> Why yahoo.ca is able to use message id from receiving host?

Because messageid is a field that can be set by the client. There are
two parts of an email: the envelope and the message. The only thing
that can't be faked is the RCPT TO: in the envelope. The MTA will also
log the connecting server using a reverse lookup algorithm to
determine its name. This can also be faked, but it is much harder to
fake.

This means that _any_ field in the message itself (headers, body--the
whole ball of wax) cannot be trusted.

Scott
-- 
Scott Wiersdorf
scott@xxxxxxxxxxxx
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

Follow-Ups:
- Re: [vps-mail] How to block missuse of local msessage id
  - From: Godwin Stewart

References:
- Re: [vps-mail] Installing new Perl modules
  - From: Arizona 1 Net
- [vps-mail] How to block missuse of local msessage id
  - From: Martin Fischer

Prev by Date: Re[2]: [vps-mail] Installing new Perl modules - solved!
Next by Date: Re: [vps-mail] How to block missuse of local msessage id
Previous by thread: [vps-mail] How to block missuse of local msessage id
Next by thread: Re: [vps-mail] How to block missuse of local msessage id
Index(es):
- Date
- Thread

Main Index | Thread Index