Re: SMTP Pen Test

From: Clone (c70n3@yahoo.co.in)
Date: Sun Dec 09 2007 - 20:21:56 EST


Well, did you mean Reverse-DNS? I guess Reverse-DNS &
SMTP AUTH should resolve both the issues.

Incorporating SSL on SMTP would further ensure that
emails are not stolen over the wire and there is no
identity theft.

I understand that applying SMTP AUTH wouldn't stop two
different domain SMTP servers with MX records like
smtp.xyz.com and smtp.abc.com from communicating with each
other on sending or reception of email. I understand
that's what it should be like and that's what we want.

--- "Antonio Augusto (Mancha)" <khaoticmind@gmail.com>
wrote:

> SMTPAuth may be the solution for the second case, but for the first
> your best option is a good Antispam. Usually SMTP will accept any
> e-mail coming from anywhere (since there is no way to identify if the
> sender is valid or not).
> Antispams can block some of this using technologies like Domain Keys
> (to verify if the e-mail from a@abc.com really came from the servers
> of abc.com), or grey listing (denying the e-mail at first and waiting for
> the server at the other side to retry to send it), among others.
>
> Cheers,
> KM
>
>
> On Dec 4, 2007 3:50 AM, Clone <c70n3@yahoo.co.in> wrote:
> > Hi List,
> >
> > What is the best solution for blocking email spoofing
> > from an SMTP server? I've come across so many cases
> > where it is possible to telnet into an SMTP server and
> > spoof emails from it. A few of those common conditions
> > are:
> > 1. For an xyz.com SMTP server it is possible to send
> > emails from x@abc.com to a@xyz.com.
> > 2. For an xyz.com SMTP server it is possible to send
> > emails from b@xyz.com to a@xyz.com.
> >
> > SMTP AUTH looks to be the solution to me. Is there any
> > alternative?
> >
> > Clone
> >
>
> --
> Informação & Segurança - Information for your security on the network.
> http://info-seg.blogspot.com
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
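
The two cases from the thread can be written as a receiving-side policy check. The following is an added example, not code from any poster or from a real mail server: it requires SMTP AUTH for senders claiming a local domain (case 2), greylists unauthenticated foreign senders (case 1), and refuses unauthenticated relay. The class name, reply texts, delay value and addresses are assumptions; Domain Keys verification is not shown.

```python
import time

LOCAL_DOMAINS = {"xyz.com"}  # constructed: domains this server accepts mail for
GREYLIST_DELAY = 300         # assumed: seconds a first-seen triplet must wait


def domain(addr):
    """Return the lower-cased domain part of an envelope address."""
    return addr.rsplit("@", 1)[-1].lower()


class SmtpPolicy:
    """Decide the reply for one MAIL FROM / RCPT TO pair (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.first_seen = {}  # (client_ip, mail_from, rcpt_to) -> first attempt

    def check(self, client_ip, authenticated, mail_from, rcpt_to):
        if authenticated:
            # SMTP AUTH succeeded. A stricter server would also verify that
            # the login is allowed to use this MAIL FROM address.
            return "250 OK"
        if domain(rcpt_to) not in LOCAL_DOMAINS:
            # Unauthenticated client asking us to deliver elsewhere: open relay.
            return "554 relay access denied"
        if domain(mail_from) in LOCAL_DOMAINS:
            # Case 2: b@xyz.com -> a@xyz.com without logging in.
            # Real local users submit with SMTP AUTH, so refuse this.
            return "530 authentication required"
        # Case 1: x@abc.com -> a@xyz.com. Server-to-server mail cannot be
        # made to authenticate, so defer the first attempt (greylisting).
        # This only filters clients that never retry; it does not prove
        # that the sender really belongs to abc.com.
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return "451 greylisted, try again later"
        return "250 OK"


if __name__ == "__main__":
    policy = SmtpPolicy()
    # Constructed sessions using the addresses from the original question.
    print(policy.check("192.0.2.10", False, "b@xyz.com", "a@xyz.com"))
    print(policy.check("192.0.2.10", False, "x@abc.com", "a@xyz.com"))
    print(policy.check("192.0.2.10", True, "b@xyz.com", "a@xyz.com"))
```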



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT