Tim ignored_mailbox at yahoo.com.au
Tue Nov 30 11:48:54 UTC 2010


On Mon, 2010-11-29 at 19:17 -0600, Ranjan Maitra wrote:
> Is it that difficult to spoof an e-mail address and post pretending
> from there?

The current email systems don't have any way to enforce correct
identification of a sender.  So you can write (almost) whatever you like
in the "from" address header.  It may have to be potentially valid,
depending on the checks done by a mail server, but they only check that
the address is well-formed, not whether it's actually correct.

There are some ISPs who write their member's ID into the headers of all
their mail as it goes through their SMTP server, but that's not really a
regular feature of email, and it can be faked by someone else who's ISP
doesn't do that.

The only way a list server could enforce that the real subscriber
posted, would be to insist that all posts be signed with an encryption
key that's known to the server.  That might be a good idea with some
mailing lists for people who aren't trying to resolve a problem with
their computer, but a bad idea for a list where not-so-tech-savvy people
come looking for help.
> 
> I think the Fedora list may allow posts from unsubscribed individuals.

It doesn't.  Those of us with multiple email accounts who've
accidentally sent a post using the wrong address can attest that the
message doesn't get through.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.





More information about the users mailing list