On Fri, Aug 8, 2008 at 6:52 PM, Alexey Eremenko
On Sat, Aug 9, 2008 at 12:37 AM, Kai Ponte
wrote: On Friday 08 August 2008 06:28:09 am Alexey Eremenko wrote:
Kai: BTW: In your case even the Name was emulates correctly in GMail, which means that GMail doesn't checks it at all.
No, that had nothing to do with gmail. It never went through gmail.
I thought GMail would scan for all suspecious emails, and according to logical something that arrived into my GMail, with "From: al4321@gmail.com" - my email address, but never sent from my account is spoof.
It means, that GMail isn't protected :(
Alexey, It is not that simple and you've pointed out a way to work around some of the anti-spoofing technology, at least as it is now implemented. I'm pretty sure a direct email to you originating from a non-gmail SMTP claiming to be from a gmail account would get discarded. The trouble is with the mailinglist forwarding the address, google does not have enough information to know where the email originated. So, if I were a spammer, I would fake the headers to look like the email was being forwarded by a site like opensuse. So now it looks like the listserve server needs to: 1) Check for valid info on receipt to ignore spoofed email 2) Provide valid info on send to allow recipients to validate the sender. Greg -- Greg Freemyer Litigation Triage Solutions Specialist http://www.linkedin.com/in/gregfreemyer First 99 Days Litigation White Paper - http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf The Norcross Group The Intersection of Evidence & Technology http://www.norcrossgroup.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org