9 May
2016
9 May
'16
10:08 p.m.
On 9 May 2016, at 21:31, Clem Cole <clemc at
ccc.com> wrote:
On Mon, May 9, 2016 at 3:42 AM, Sampsa Laine <sampsa at mac.com <mailto:sampsa at
mac.com>> wrote:
How the hell does someone as theoretically techie as the people on this list get their
freaking email address compromised?
?Be careful with over arching statements. It's trivial to forge someone else's
email address. Yes, most of us set up our systems so that the rcvr should do sender
authentication, but not all receiving systems do, and it's optional etc. So stuff
happens. As someone with a 40+ year domain name its still a problem - forgeries are
ripe.
I think the better question is techie's should be able to recognize most junk that
get's through the filters. The good news is that most of it does get stopped, but
those messages that do make it thru, we need to be "always watching."
Actually my bad - SMTP is so broken it?s not even funny.
I remember we were having a few beers in the Students Union during my MSc and I figured
that since there?s no requirement to define how much data a message contains, it would be
pretty easy to just open 100+ connections to a mail server and keep feeding it crap until
it falls over. So off to the testing lab we went.
In 2004 with 100 connections on 100 Mbps LAN, I think it took sendmail ABOUT 4 minutes.
Sampsa