Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbatt!cbosgd!ucbvax!SIMTEL20.ARPA!MRC
From: MRC@SIMTEL20.ARPA (Mark Crispin)
Newsgroups: mod.protocols.tcp-ip
Subject: Re: SMTP, 2600, and the security of mail
Message-ID: <12242745855.7.MRC@SIMTEL20.ARPA>
Date: Mon, 29-Sep-86 04:51:33 EDT
Article-I.D.: SIMTEL20.12242745855.7.MRC
Posted: Mon Sep 29 04:51:33 1986
Date-Received: Tue, 30-Sep-86 20:25:28 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 15
Approved: tcp-ip@sri-nic.arpa

Oh wow, big deal, so the little phone phreaks has discovered how to
talk to SMTP servers?  I mean, am I supposed to be impressed with
how bright they are or something?

The Internet protocols are insecure by nature.  A reasonably suspicious
host should always record the host name or IP address of the how which
actually connected to the SMTP server (the real host, not what was
claimed in a HELO).  Some hosts prevent random user programs from
making TCP connections to the SMTP port (I think Multics does), but
basically beyond knowing what host composed the message the end user
should be reasonably suspicious about any mail s/he receives.  After
all, even IP addresses can be faked, although I suspect inpersonating
the IP address of MIT-MULTICS is beyond the technical expertise of
your average phone phreak (it requires actually KNOWING something).
-------