Mailinglist Archive: opensuse (2112 mails)
| < Previous | Next > |
SPF Was: Email Security question: Hijacked email !!! was: [opensuse] Vista
- From: "Greg Freemyer" <greg.freemyer@xxxxxxxxx>
- Date: Fri, 8 Aug 2008 12:55:31 -0400
- Message-id: <87f94c370808080955v6914007aw4942e44552e68c8d@xxxxxxxxxxxxxx>
On Fri, Aug 8, 2008 at 9:26 AM, Alexey Eremenko <al4321@xxxxxxxxx> wrote:
I've found this very informative white paper that describes three
available anti-spoofing technologies:
http://www.maawg.org/about/publishedDocuments/MAAWG_Email_Authentication_Paper.pdf
The big ISPs are already doing a lot of this, but it takes both the
sender and the recipient to implement the same technology for it to
work.
At a minimum the listserve server could implement SPF and stop
accepting email with with forged headers associated with gmail, yahoo,
hotmail, aol, etc.
Then after the listserve started supporting it, anyone using their own
domain name to send under would need to support on the sending side.
Greg
--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Kai: Well, it feels like having a clone on the net :)
It may be fun and may be scary - depending on circumstances.
When I opened the RAW message from you, I see a lot of
"Received: ..."
Are those all recipients or "steps" in the routing of email ?
Anyway: any ideas on fighting techniques ?
Can we see the source IP address ?
If so, maybe we can use reverse DNS and compare that to the email
header "From: " address ?
Perhaps I need to learn about SMTP and SPF :)
I've found this very informative white paper that describes three
available anti-spoofing technologies:
http://www.maawg.org/about/publishedDocuments/MAAWG_Email_Authentication_Paper.pdf
The big ISPs are already doing a lot of this, but it takes both the
sender and the recipient to implement the same technology for it to
work.
At a minimum the listserve server could implement SPF and stop
accepting email with with forged headers associated with gmail, yahoo,
hotmail, aol, etc.
Then after the listserve started supporting it, anyone using their own
domain name to send under would need to support on the sending side.
Greg
--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |