Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbatt!ihnp4!qantel!lll-lcc!lll-crg!nike!ucbcad!ucbvax!cbosgd.att.com!mark
From: mark@cbosgd.att.com (Mark Horton)
Newsgroups: mod.protocols.tcp-ip
Subject: Submission for mod-protocols-tcp-ip
Message-ID: <8609290025.AA29356@cbosgd.ATT.COM>
Date: Sun, 28-Sep-86 20:25:35 EDT
Article-I.D.: cbosgd.8609290025.AA29356
Posted: Sun Sep 28 20:25:35 1986
Date-Received: Tue, 30-Sep-86 13:18:34 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 24
Approved: tcp-ip@sri-nic.arpa

Path: cbosgd!mark
From: mark@cbosgd.ATT.COM (Mark Horton)
Newsgroups: mod.protocols.tcp-ip
Subject: Re: SMTP, 2600, and the security of mail
Message-ID: <2632@cbosgd.ATT.COM>
Date: 29 Sep 86 00:25:32 GMT
References: <8609280151.AA12210@ucbvax.Berkeley.EDU>
Organization: AT&T Bell Laboratories, Columbus, Oh
Lines: 13
Summary: False SMTP mail is easy to generate, but so is false paper mail

AUERBACH@CSL.SRI.COM (Karl Auerbach) writes:
> A while back I saw a copy of a newsletter titled "2600" which included
> source code demonstrating how one could pretend to be an SMTP engine and
> inject false mail into a host.  Although the code had a few flaws, its
> general structure looked plausable (and short -- about 25 lines of C).

Sure it is.  But that's not surprising.  I can easily generate false
paper mail with a phony return address, and dump it into a paper
mailbox, too.

Nobody ever said EMail was hard to forge.

	Mark