tobold.org

correct • elegant • free

△ comp.mail.* △

◅ MIME supporting e-mail

Internet vs. X.400 ▻

FAQ? Preventing e-mail forgery

In article <265mkf$las@vixen.cso.uiuc.edu>,
David Swofford  <swofford@uxh.cso.uiuc.edu> wrote:
>This _has_ to be a FAQ but I haven't read this group until today and
>couldn't find an FAQ here, in news.answers, or at ftp.uu.net.

There's a three part FAQ entitled "IDENTITY, PRIVACY, and ANONYMITY on
the INTERNET", archive name "net-privacy/part[123]" which covers this
topic among others.

>[ ease of forging SMTP ]
>What do people do about this?

Treat email as you would an unsigned memo.  Or a phone call from
someone unknown to you.

If you're really concerned, you should look into PEM or PGP.  Or X.400.

>                        Why can't SMTP servers demand a userid/password
>before sending mail?

Whose password?  I can't think of a scheme which would provide any
significant increase in security without destroying the ease of
connection that has contributed so much to SMTP's ubiquity.

You might be interested to compare SMTP with X.400, where each
connection is (potentially) password protected.  All it means is that
you can only connect to anyone by prior arrangement.  Like UUCP.

(To avoid any confusion, I should mention that the security features
of X.400(88) are based on decent, end-to-end, PEM-like cryptography.)

Tim.
--
Tim Goodwin  | "The telephone analogy to the PC being turned off is one
PIPEX Ltd    | of the conversants dying.  The telephone system doesn't
Cambridge UK | drop the call when this happens."  Barry Margolin.

Original headers:

From: tim@pipex.net (Tim Goodwin)
Newsgroups: comp.mail.misc
Subject: Re: FAQ? Preventing e-mail forgery
Date: 3 Sep 1993 17:17:07 +0100
Organization: PIPEX Ltd, Cambridge, UK
Message-ID: <267qm3$c99@tank.pipex.net>
References: <265mkf$las@vixen.cso.uiuc.edu>

△ comp.mail.* △

◅ MIME supporting e-mail

Internet vs. X.400 ▻