Author: David Woodhouse Date: To: S. Ancelot CC: exim-users Subject: Re: [Exim] email identity usurpation
sancelot@??? said: > I tried in my navigator to set an email account that does not exist
> (toto@???) I then sent a message to a collegue, and I could
> manage to understand that any user in my network would be able to
> send messages over internet using a wrong email adress. > How to avoid this ?
You can't. Only if a message is cryptographically signed can you trust that
a message _actually_ came from whoever it claims to have come from. Probably.
Or maybe in certain circumstances the Received: headers are enough -- if my
girlfriend mails me and the mail doesn't leave my home network, it's a
fairly safe bet it was actually her who sent it and not the cats :)