How is it okay for sendmail to send emails from any domain?

John Feminella
Feb 02, 2015
<p>Congrats: you've just discovered <a href="http://en.wikipedia.org/wiki/Email_spoofing">email spoofing</a>! :)</p>
<p>SMTP does not perform authentication of the sort you imply that it should, e.g. verifying that someone is authorized to send mail from a certain domain -- so anyone with a machine who knows how to run <code>sendmail</code> can do this.</p>
<p>Most anti-spoofing measures rely on the owner of a domain (e.g. <code>microsoft.com</code>) doing something which amounts to authenticating whether a message is really from them. For example, they may list every domain they normally send mail from; that's roughly what <a href="http://en.wikipedia.org/wiki/Sender_Policy_Framework">Sender Policy Framework</a> does.</p>
<p>If the recipient's server gets a message purporting to be from microsoft.com, it can check to see if that domain lists the server that sent the message. If it doesn't, it will likely increase the probability that it's rated as spam.</p>
<p>This tip was originally posted on <a href="http://stackoverflow.com/questions/24190267/How%20is%20it%20okay%20for%20sendmail%20to%20send%20emails%20from%20any%20domain?/24190373">Stack Overflow</a>.</p>
