Re: [Exim] email identity usurpation

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: S. Ancelot
CC: exim-users
Subject: Re: [Exim] email identity usurpation
sancelot@??? said:
> I tried in my navigator to set an email account that does not exist
> (toto@???) I then sent a message to a collegue, and I could
> manage to understand that any user in my network would be able to
> send messages over internet using a wrong email adress.


> How to avoid this ?


You can't. Only if a message is cryptographically signed can you trust that
a message _actually_ came from whoever it claims to have come from. Probably.

Or maybe in certain circumstances the Received: headers are enough -- if my
girlfriend mails me and the mail doesn't leave my home network, it's a
fairly safe bet it was actually her who sent it and not the cats :)

Welcome to the real world.

--
dwmw2