Thank you to all who responded.
> At 01:34 PM Thursday 3/25/99, Scott Schwartz wrote:
> >Dirk Alboth <[EMAIL PROTECTED]> writes:
> >| As I understand RFC 822 this is not violating the standard but in this
> >| case a "Sender:" field should reveal the true sender's identity
> >| (agreed?).
> >
> >Should != Must. You can't stop people from lying.
Yes, my wording was not correct. RFC 822 says "MUST".
> >Your only recourse is to cryptographically sign messages. Then the
> >recipients have some way to check the veracity of the putative
> >sender.
I'm not concerned about strong authentication but rather to only let
out mails that comply with the rfc.
> >| Now the "true" sender name will be ${TCPREMOTEINFO}@${TCPREMOTEHOST}
> >
> >Pointless, since TCPREMOTEINFO is whatever the sender wants it to be.
> >It's for debugging, not security.
Sure, the one who has control over the machine can let port 113 answer
whatever he likes. In this respect, however, a company LAN is a bit
different to the internet, right? While I can to a certain degree
control what services run on our machines I have little control
over what users enter at a menu prompt.
> As an addendum to Scott's observations, TCPREMOTEHOST (or leastwise
> TCPREMOTEIP) is recorded in the Received: header so you have
> certainty over knowing which IP address originated the email.
>
> Of course if a malicious insider has used some other person's PC, you
> won't know from either Received: or Sender: headers. Certainly if
> someone accused me of sending an email based solely on Sender: or
> Received: I would get most indignant (especially if I hadn't sent it
> :> )
In my case it's not a malicious user who wanted to impersonate another
one but someone who uses another domain in the From: header. I assume
it's the person's private address. One may consider this as being
correct in the rfc822 sense: if he writes a private email then the
'identity of the person who wished this message to be sent' (talking
in rfc822 language) is not [EMAIL PROTECTED] but rather
[EMAIL PROTECTED]. But the 'identity of the AGENT that sends the
message' is still [EMAIL PROTECTED] because by definition he is this
person whenever he uses the computer at work.
Of course checking the mail headers, in particular the received:
header, one can track the path of the message, if one would be
concerned to identify a malicious user. But as I said that's not the
point here.
Best regards,
Dirk
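
An added example, not part of the original message or of any mail server's own code: a minimal outbound header check along the lines discussed in this thread, written in Python. It assumes the connection's TCPREMOTEINFO and TCPREMOTEHOST values are passed in as a mapping; `check_outgoing`, the addresses and the sample messages are constructed for illustration. As the thread notes, TCPREMOTEINFO is whatever the client's ident service answers, so this checks header consistency and does not authenticate anyone.

```python
from email import message_from_string
from email.utils import getaddresses

def expected_sender(env):
    """Identity proposed in the thread: ${TCPREMOTEINFO}@${TCPREMOTEHOST}."""
    info, host = env.get("TCPREMOTEINFO"), env.get("TCPREMOTEHOST")
    if not info or not host:
        return None  # no ident answer or no reverse DNS for this client
    return f"{info}@{host}".lower()

def mailboxes(msg, header):
    """All addresses found in every occurrence of a header, lower-cased."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]

def check_outgoing(raw, env):
    """Return (ok, reason) for one outgoing message (hypothetical policy)."""
    expected = expected_sender(env)
    if expected is None:
        return False, "no TCPREMOTEINFO/TCPREMOTEHOST for this connection"
    msg = message_from_string(raw)
    authors, senders = mailboxes(msg, "From"), mailboxes(msg, "Sender")
    if not authors:
        return False, "missing From:"
    if len(senders) > 1:
        return False, "Sender: must name exactly one mailbox"
    if senders:
        # Sender: present, so it has to name the agent that submitted the mail.
        ok = senders[0] == expected
        return ok, "Sender: matches agent" if ok else "Sender: is not the agent"
    # No Sender: is acceptable only when the single author is the agent.
    if authors == [expected]:
        return True, "From: is the sending agent"
    return False, "From: differs from agent and Sender: is missing"

# Constructed sample input (example.com / example.org are placeholders).
ENV = {"TCPREMOTEINFO": "alice", "TCPREMOTEHOST": "pc17.example.com"}
WORK_MAIL = "From: Alice <alice@pc17.example.com>\nSubject: report\n\nbody\n"
PRIVATE_NO_SENDER = "From: alice@example.org\nSubject: hi\n\nbody\n"
PRIVATE_WITH_SENDER = ("From: alice@example.org\n"
                       "Sender: alice@pc17.example.com\nSubject: hi\n\nbody\n")
WRONG_SENDER = ("From: alice@example.org\n"
                "Sender: bob@pc17.example.com\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for name in ("WORK_MAIL", "PRIVATE_NO_SENDER", "PRIVATE_WITH_SENDER",
                 "WRONG_SENDER"):
        print(name, check_outgoing(globals()[name], ENV))
```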