chk@dretor.dciem.dnd.ca (C. Harald Koch) (12/08/88)
Current logic floating around the network: If you get abusive mail from someone, send mail to the postmaster at the originating system. This postmaster will of course take appropriate steps to deny the user access to his system or mailers, solving the problem. There is a flaw in this reasoning: It is trivial to forge a mail message using current mailers. SMail 2.5 will blindy accept any message headers you care to type in. SMTP mailers trust anything coming in over TCP. So what's to stop someone from being malicious under an assumed name? Or even setting up a message that comes from the target user? (.i.e a message From: chk@dretor.dciem.dnd.ca To: chk@dretor.dciem.dnd.ca) How do you stop abusive mail then? Food for Thought, -chk -- C. Harald Koch NTT Systems, Inc., Toronto, Ontario chk@zorac.dciem.dnd.ca, chk@gpu.utcs.toronto.edu, chk@chk.mef.unicus.com Note: some sites may still have zorac.dciem.dnd.ca as zorac.ARPA. "I give you my phone number. If you worry, call me. I'll make you happy."