> How would someone spoof that, By including, e.g., "MAIL FROM: [email protected]", in the envelope. Your host's SMTP server would have no way to know that it wasn't from me.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Jeremy Nicoll [[email protected]] Sent: Thursday, February 18, 2021 3:15 PM To: [email protected] Subject: Re: XMITIP and ANTI SPOOF message On Thu, 18 Feb 2021, at 18:30, Seymour J Metz wrote: > > SMTP is inherently insecure > OTOH, the envelope ... fields can be trivially spoofed For the recipient of an email, the SMTP envelope data is stripped off by the receiving system's SMTP server, then - often - placed inside the email in a header whose format depends on the mail system concerned. For example I see X-Delivered-To: headers in some of my mail. How would someone spoof that, unless they had access to my mail hosting company's servers? -- Jeremy Nicoll - my opinions are my own. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
