Autor: Michael Scott Shappe Data: A: Tim Jackson CC: exim-users, S. Ancelot Assumpte: Re: [Exim] email identity usurpation
> C'mon, be fair to the guy. Clearly he's a bit behind the times and only > just discovering that e-mail headers can be faked (!).
Back in 1991, when I was a sysadmin at Cornell University, before anyone,
anywhere, had given any serious thought to relay control, and every SMTP
server was an open relay, I used to say to anyone who asked about the
security of e-mail that I could probably teach a retarded monkey to forge
mail direct from their keyboard to port 25 in about two weeks, so I could
probably teach *them* (meaning the nontechie standing in front of me asking
the question) in about a half hour.
[Yes, that really was all one sentence. Mea culpa.]
These days, I would have to up that estimate, but only because I'd have to
teach them how to find an open relay, first.
There are answers, as you point out, and some of them even work. But in the
end, given that most people *receiving* the mail are not technically savvy,
impersonation remains painfully easy.