[Mimedefang] sendmail spf milter plugin for sendmail 8.13.0
Jeff Rife
mimedefang at nabs.net
Fri Aug 20 02:29:56 EDT 2004
On 19 Aug 2004 at 23:20, Jose Marcio Martins da Cruz wrote:
> The only thing DomainKeys is to tell : "OK ! This is a message sent by
> my domain".
No, it doesn't do that.
The only thing DomainKeys does is say "this message has some random
user-generated text (the From: header) with my domain name". It may
have come from *anywhere*, as David outlined:
1. Send yourself a message from Yahoo to someplace else so you get a
message signed with DomainKeys.
2. Feed the resulting received e-mail with *no* changes that alter the
signature into the SMTP pipeline (which sends based on envelope
recipient)...forge the envelope sender, of course. You can use
almost any very simple script to do this.
3. Watch as Yahoo gets berated because "this junk came from you...I
verified it with the tool you designed!"
--
Jeff Rife |
SPAM bait: |
http://www.nabs.net/Cartoons/ShermansLagoon/OtherWhiteMeat.jpg
AskDOJ at usdoj.gov |
spam at ftc.gov |
More information about the MIMEDefang
mailing list