Well, what Matt said is exactly what I did. Everyone can do this, unfortunately:

telnet mx.hyperreal.org 25
helo FAKED_SENDER_HELO
mail from: [EMAIL PROTECTED]
rcpt to: [EMAIL PROTECTED]
data
from: [EMAIL PROTECTED]
to: [EMAIL PROTECTED]
subject: blah

and there your text - or even a virus. Then a single dot, and that was it.

No one got hacked, but some unverified sender got used. Since all mail addresses are NOT owned, no one can "pay" security or even laws. The only chance is for MTAs and relays to check the headers for correctness, but we live in a world where EVERYTHING MUST work, regardless of configuration errors. Thus everyone can send everyone mail faking everyone. Sad. Anyway, this way one gets more attention to serious flaws.
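The kind of header check the message above asks of MTAs, sketched as an added example that is not part of the original post: it compares the values a receiving server sees in the SMTP dialogue (HELO name, MAIL FROM) with the From: header inside DATA. The function name, finding labels and example.* addresses are assumptions made for illustration, and the checks are heuristics that flag a message for review, not proof of forgery.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if it has none."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_sender(helo, mail_from, raw_message):
    """Compare SMTP envelope values with the From: header of the message.

    Returns a list of finding labels (hypothetical names); empty means no
    inconsistency was seen. Mailing lists and forwarders can legitimately
    trip the mismatch check, so treat a finding as a signal, not a verdict.
    """
    findings = []
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    authors = [addr for _, addr in getaddresses(from_headers) if addr]

    # Exactly one From: header with exactly one author is the normal case.
    if len(from_headers) != 1 or len(authors) != 1:
        findings.append("from-header-count")
    # The envelope sender and the displayed author should share a domain.
    env_domain = domain_of(mail_from)
    if any(domain_of(author) != env_domain for author in authors):
        findings.append("envelope-header-mismatch")
    # A HELO name without a dot is not a fully qualified host name.
    if "." not in helo.strip("."):
        findings.append("helo-not-fqdn")
    return findings


# Constructed sample inputs; every address below is a placeholder.
SPOOFED = "From: ceo@example.com\nTo: bob@example.net\nSubject: blah\n\ntext\n"
ALIGNED = "From: Alice <alice@example.org>\nTo: bob@example.net\n\nhi\n"
NO_FROM = "To: bob@example.net\nSubject: blah\n\ntext\n"

if __name__ == "__main__":
    print(check_sender("FAKED_SENDER_HELO", "someone@example.org", SPOOFED))
    print(check_sender("mail.example.org", "alice@example.org", ALIGNED))
    print(check_sender("mail.example.org", "alice@example.org", NO_FROM))
```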
