[mail-vet-discuss] secdir review
ofdraft-kucherawy-sender-auth-header-11.txt (fwd)
J D Falk
jdfalk at returnpath.net
Tue Jan 29 16:26:01 PST 2008
>> It seems likely that if this header should become popular, malware
>> would be changed to take advantage of that, and to use compromised
>> machines to spoof sender-auth headers within their own domains... so
>> this is a real threat that needs to be addressed. And it seems to me
>> that (1) is the right way to do it. So there should be something in
the
>> security considerations describing this problem, and suggesting (1)
as
>> a way to deal with it.
>
> That's more than a "security consideration".
Have the same concerns been raised in other WGs for the possibility that
somebody might hack into an IMAP server and modify messages there?
More information about the mail-vet-discuss
mailing list