[ot] internal ip address
Matt Kettler
mkettler at evi-inc.com
Thu Feb 7 16:09:39 GMT 2008
Glenn Steen wrote:
> For the
> vast majority of organizations, this is a very minor threat, not worth
> breaking RFC...
Like.. gmail?
Received: by wa-out-1112.google.com with SMTP id m16so1283782waf.14
Actually, AFAIK, that doesn't actually violate the RFCs.. you MUST add a
Received: header, but I don't see anything in 2821/2822/1123 requiring you to
add a from clause.
> I'm not saying you're wrong, just that it is ... really minor...
> compared to a lot of other email-related threats:-)... Yes, you can
> counter with "your generalization is bigger than mine"... I know I do
> it too...:-)
>
> On the whole, I see very little _real possibility_ of damages from this.
> It is a leakage, yes.... but negligible in most cases. that's MHO ate least:-).
I would agree in most cases it is very minor or negligible. I never said this
applied to most, or even very many people.
My only point was the "if it's unroutable, you can't hack it" argument isn't a
very complete view of network security.
More information about the MailScanner
mailing list