Quote:
Originally Posted by Serapth
If there was an email server dumb enough to just accept the values it was sent, sure, but in reality it's not so easy to spoof. That whole telnet to port 25 trick sure isn't going to work. Hell, Flexamail receives probably 300 emails a week with spoofed FROM addresses. Just because you send a message and claim to be X person, doesn't mean the receiving server is going to believe it.
Think about it, if email was so easily spoofed betweens domains, who would ever trust it, as one of every 3 emails sent would be from Steve Jobs or Barack Obama.
Now, emails sent within the same domain that isn't properly locked down, that is easy to spoof. But even that can be fairly easily defeated.
EDIT: Ironically, our security logs show a half dozen spoofed email attempts since 11:52 EST.
|
Cool. So how do you verify that an email claiming to be from someone is actually from them? Are you using reverse DNS lookups, or some other technique?