Earlier in this article we touched on the concept of spoofing e-mail accounts. The core technical issue is that SMTP servers talk to just about anyone. Furthermore, there is no strong authentication procedure for an SMTP session. As a consequence, it is trivial for someone to configure his or her desktop system to communicate with an arbitrary SMTP server on behalf of an arbitrary mailbox.

The result is simple: it is very easy to spoof e-mail. Of course, a messaging administrator can look at the Received: headers to follow the path that the message took in the infrastructure and then reverse-engineer where the culprit injected the message. Unfortunately, some sites might mistakenly view your site as the offending party and administratively blacklist it. To combat this, most SMTP servers are now configured with a list of recipient domains that they'll accept messages for. If someone tries to submit a message for a mailbox outside of those domains, it will be rejected. Although this doesn't solve the spoofing problem, it helps to prevent your site from being mistaken for the culprit.
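The Received: header walk described above, as an added example that is not part of the original article. The sample message, hostnames and IP addresses are constructed, the function names are hypothetical, and the regular expression assumes one common header layout (real MTAs vary).

```python
import re
from email import message_from_string

# Constructed sample: example domains and RFC 5737 documentation addresses.
SAMPLE = (
    "Received: from mx1.example.org (mx1.example.org [192.0.2.10])\n"
    "\tby mailstore.example.org with ESMTP id A3; Mon, 1 Jan 2001 10:00:05 +0000\n"
    "Received: from mail.bank.example (unknown [203.0.113.45])\n"
    "\tby mx1.example.org with SMTP id A2; Mon, 1 Jan 2001 10:00:03 +0000\n"
    "Received: from mail.bank.example (mail.bank.example [198.51.100.7])\n"
    "\tby gateway.bank.example with ESMTP id A1; Mon, 1 Jan 2001 09:59:58 +0000\n"
    "From: accounts@bank.example\n"
    "To: staff@example.org\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

# Assumed layout: "from HELO (rdns [ip]) by HOST ..."
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return Received hops newest-first as dicts (helo, rdns, ip, by)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def entry_point(raw, our_servers):
    """Find the hop where the message entered our infrastructure.

    Headers are prepended, so walk down from the newest while the recording
    server is ours. Older headers were supplied by the sender and may be forged.
    """
    hops = parse_hops(raw)
    trusted = []
    for hop in hops:
        if hop["by"] not in our_servers:
            break
        trusted.append(hop)
    if not trusted:
        return None
    entry = trusted[-1]
    return {"peer_ip": entry["ip"], "recorded_by": entry["by"],
            "helo_mismatch": entry["helo"].lower() != entry["rdns"].lower(),
            "unverified_hops": len(hops) - len(trusted)}
```

In the sample, the oldest header claims the message passed through the purported sender's gateway, but the peer address recorded by `mx1.example.org` is the only part of the path the receiving site can vouch for.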