[Esd-l] Re: [Esa-l] ANN: Sanitizer update - 1.135 released

John Hardin jhardin at impsec.org
Mon May 27 09:57:01 PDT 2002

On Mon, 2002-05-27 at 09:02, Scott Taylor wrote:
> IE: Return-Path: <kqroski@ but the From line has the correct email address:
> kproski@  (notice the second character it one away).

There's little the sanitizer can do to detect that, unfortunately. I'm
very reluctant to add more steps, such as checking the domain MX records
or trying a partial delivery to validate the address.

> In another case both From: and Return-Path: are spoofed as
> <"nh today.doc"@...> with the domain as the recipient domain.  This one
> really bothers me, because the recipient's domain may allow certain file
> types from within it's own domain.

Such rules should be checking the Received: headers rather than the
From: or Return-Path: headers. I suppose I ought to update my examples
to reflect that.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
   361 days until The Matrix Reloaded

[demime 0.98e removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the esd-l mailing list