[ot] internal ip address

Matt Kettler mkettler at evi-inc.com
Thu Feb 7 16:09:39 GMT 2008

Glenn Steen wrote:
>  For the
> vast majority of organizations, this is a very minor threat, not worth
> breaking RFC...

Like.. gmail?

Received: by wa-out-1112.google.com with SMTP id m16so1283782waf.14

Actually, AFAIK, that doesn't actually violate the RFCs.. you MUST add a 
Received: header, but I don't see anything in 2821/2822/1123 requiring you to 
add a from clause.

> I'm not saying you're wrong, just that it is ... really minor...
> compared to a lot of other email-related threats:-)... Yes, you can
> counter with "your generalization is bigger than mine"... I know I do
> it too...:-)
> On the whole, I see very little _real possibility_ of damages from this.
> It is a leakage, yes.... but negligible in most cases. that's MHO ate least:-).

I would agree in most cases it is very minor or negligible. I never said this 
applied to most, or even very many people.

My only point was the "if it's unroutable, you can't hack it" argument isn't a 
very complete view of network security.

More information about the MailScanner mailing list