Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!decvax!ucbvax!clyde.att.com!news
From: news@clyde.att.com (Netnews Admin)
Newsgroups: mod.protocols.tcp-ip
Subject: Submission for mod-protocols-tcp-ip
Message-ID: <8609281848.AA25936@clyde.ATT.COM>
Date: Sun, 28-Sep-86 14:48:57 EDT
Article-I.D.: clyde.8609281848.AA25936
Posted: Sun Sep 28 14:48:57 1986
Date-Received: Sun, 28-Sep-86 20:29:29 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 24
Approved: tcp-ip@sri-nic.arpa

Path: clyde!cbatt!cbosgd!mark
From: mark@cbosgd.ATT.COM (Mark Horton)
Newsgroups: mod.protocols.tcp-ip
Subject: Re: SMTP, 2600, and the security of mail
Message-ID: <2629@cbosgd.ATT.COM>
Date: 28 Sep 86 15:54:40 GMT
References: <8609280151.AA12210@ucbvax.Berkeley.EDU>
Organization: AT&T Bell Laboratories, Columbus, Oh
Lines: 13
Summary: False SMTP mail is easy to generate, but so is false paper mail

AUERBACH@CSL.SRI.COM (Karl Auerbach) writes:
> A while back I saw a copy of a newsletter titled "2600" which included
> source code demonstrating how one could pretend to be an SMTP engine and
> inject false mail into a host.  Although the code had a few flaws, its
> general structure looked plausable (and short -- about 25 lines of C).

Sure it is.  But that's not surprising.  I can easily generate false
paper mail with a phony return address, and dump it into a paper
mailbox, too.

Nobody ever said EMail was hard to forge.

	Mark