[HECnet] Fw: new message

[Sampsa Laine]

> On 9 May 2016, at 21:31, Clem Cole <clemc at ccc.com> wrote:
> 
> 
> On Mon, May 9, 2016 at 3:42 AM, Sampsa Laine <sampsa at mac.com <mailto:sampsa at mac.com>> wrote:
> How the hell does someone as theoretically techie as the people on this list get their freaking email address compromised?
> 
> ​Be careful with over arching statements.  It's trivial to forge someone else's email address.    Yes, most of us set up our systems so that the rcvr should do sender authentication, but not all receiving systems do, and it's optional etc.   So stuff happens.   As someone with a 40+ year domain name its still a problem - forgeries are ripe.
> 
> I think the better question is techie's should be able to recognize most junk that get's through the filters.   The good news is that most of it does get stopped, but those messages that do make it thru, we need to be "always watching."
> 

Actually my bad - SMTP is so broken it’s not even funny.

I remember we were having a few beers in the Students Union during my MSc and I figured that since there’s no requirement to define how much data a message contains, it would be pretty easy to just open 100+ connections to a mail server and keep feeding it crap until it falls over. So off to the testing lab we went.

In 2004 with 100 connections on 100 Mbps LAN, I think it took sendmail ABOUT 4 minutes.

Sampsa



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sonic.net/pipermail/hecnet-list/attachments/20160509/0e47af79/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.sonic.net/pipermail/hecnet-list/attachments/20160509/0e47af79/attachment.sig>