On 2016-04-28, at 08:15, Jousma, David wrote:
> Speaking of SMTP (including CSSMTP), how do your shops prevent Sender
> spoofing? How do you validate that the From: in the email is authorized?
> I ask because while we use SMTP internally, mostly for mail from production
> batch jobs, we have no controls in place that would prevent someone from
> building an email that looks like it came from the President/CEO, etc. It is
> for this reason that our email team doesn’t allow mail originating from the
> mainframe to be sent external.
>
And this becomes more complicated in view of the distinction RFC 822
reasonably makes between "From:" and "Sender", e.g.:

    From: George Jones <Jones@Group>
    Sender: Secy@Other-Group

Much mail software obsessively prohibits this.
-- gil
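
One way a submission relay could authorize From: and Sender: separately, shown as an added example that is not part of the original thread. The policy tables, the submitter IDs, and the premise that the relay knows the authenticated submitter are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed policy tables (hypothetical): mailboxes each authenticated submitter
# (e.g. a batch job's user ID) may use, and who a Sender: may act for.
MAY_SEND_AS = {"SECY": {"secy@other-group"}, "PRODJOB1": {"batch@group"}}
MAY_ACT_FOR = {"secy@other-group": {"jones@group"}}

# Constructed sample using the header pair from the message above.
SAMPLE = "From: George Jones <Jones@Group>\nSender: Secy@Other-Group\n\nbody\n"

def _mailboxes(msg, header):
    """Lower-cased addresses from every occurrence of a header."""
    values = msg.get_all(header, [])
    return [addr.lower() for _, addr in getaddresses(values) if addr]

def check_originator(raw_message, submitter):
    """Return (allowed, reason) for a message handed in by `submitter`."""
    msg = message_from_string(raw_message)
    if len(msg.get_all("From", [])) != 1 or len(msg.get_all("Sender", [])) > 1:
        return False, "need exactly one From: and at most one Sender: header"
    from_addrs = _mailboxes(msg, "From")
    sender_addrs = _mailboxes(msg, "Sender")
    if not from_addrs:
        return False, "From: has no usable mailbox"
    if len(sender_addrs) > 1:
        return False, "Sender: must name a single mailbox"
    own = MAY_SEND_AS.get(submitter, set())
    if not sender_addrs:
        # No Sender: means the author is also the transmitter.
        if len(from_addrs) > 1:
            return False, "several From: mailboxes require a Sender:"
        ok = from_addrs[0] in own
        return ok, "From: authorized" if ok else "From: not authorized for submitter"
    sender = sender_addrs[0]
    if sender not in own:
        return False, "Sender: not authorized for submitter"
    allowed_from = MAY_ACT_FOR.get(sender, set()) | {sender}
    bad = [a for a in from_addrs if a not in allowed_from]
    if bad:
        return False, "Sender: may not act for " + ", ".join(bad)
    return True, "Sender: authorized to act for From:"

if __name__ == "__main__":
    print(check_originator(SAMPLE, "SECY"))
```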