[Esd-l] Re: [Esa-l] ANN: Sanitizer update - 1.135 released
John Hardin
jhardin at impsec.org
Mon May 27 09:57:01 PDT 2002
On Mon, 2002-05-27 at 09:02, Scott Taylor wrote:
> IE: Return-Path: <kqroski@ but the From line has the correct email address:
> kproski@ (notice the second character it one away).
There's little the sanitizer can do to detect that, unfortunately. I'm
very reluctant to add more steps, such as checking the domain MX records
or trying a partial delivery to validate the address.
> In another case both From: and Return-Path: are spoofed as
> <"nh today.doc"@...> with the domain as the recipient domain. This one
> really bothers me, because the recipient's domain may allow certain file
> types from within it's own domain.
Such rules should be checking the Received: headers rather than the
From: or Return-Path: headers. I suppose I ought to update my examples
to reflect that.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"To disable the Internet to save EMI and Disney is the moral
equivalent of burning down the library of Alexandria to ensure the
livelihood of monastic scribes."
-- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
361 days until The Matrix Reloaded
[demime 0.98e removed an attachment of type application/pgp-signature which had a name of signature.asc]
More information about the esd-l
mailing list