Prevent header forgery
Monis Monther
mmmm82 at gmail.com
Sun Sep 2 09:26:17 UTC 2018
Hi Antony,
I understand it is legit , especially it is a use case for mailing lists.
However, we do not have a mailing list and it is unacceptable in an
enterprise to have some one fake his address to be someone else and send
some emails to external customers who would probably not check envelope
headers, they will only see what they get in outlook main view.
On Sun, Sep 2, 2018 at 12:16 PM Antony Stone <
Antony.Stone at mailscanner.open.source.it> wrote:
> On Sunday 02 September 2018 at 11:08:57, Monis Monther wrote:
>
> > Hi,
> >
> > Is there a way to prevent users from changing the header. We do not want
> > the envelope to be different than the header. (i.e: header from must
> match
> > return-path).
>
> Have you looked at the headers of emails on this list?
>
> For example, the message you just sent arrived with me showing, amongst
> others:
>
> Return-Path: <mailscanner-
> bounces+antony.stone=mailscanner.open.source.it at lists.mailscanner.info>
>
> From: Monis Monther <mmmm82 at gmail.com>
>
> Reply-To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
>
>
> It's perfectly common for From to be different from Return-Path.
>
>
> Regards,
>
>
> Antony.
>
> --
> I conclude that there are two ways of constructing a software design: One
> way
> is to make it so simple that there are _obviously_ no deficiencies, and
> the
> other way is to make it so complicated that there are no _obvious_
> deficiencies.
>
> - C A R Hoare
>
> Please reply to the
> list;
> please *don't* CC
> me.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
--
Best Regards
Monis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180902/8f4e27ff/attachment.html>
More information about the MailScanner
mailing list