RE: email software
On 16-Jun-2000 EricZorn@aol.com wrote:
> I've never really used anything other than my office's dedicated email
> program (which does not allow changing the FROM: field near as I know),
> AOL, which allows made up screen names but can't alter the domain name, and free
> e-mail services on the net, which limit you to the, say hotmail.com domain
> name. I've never used Eudora or any other program....can one really, fully
> alter the FROM: address to make it, say, in the classic example,
> billgates@microsoft.com? And when you say "easily," how easy is it?
If you think about it, the From: header can never be trusted, assuming you are
in the SMTP/POP3 world. When you set up the mail client, it asks your email
address. The SMTP session does not include authentication, and does not
require a valid user on the SMTP server for transmission of the message. If
you had to log in as <user>@<mail_server> to send the message, some form of
From: header authentication would occur, but you don't do that.
The From: header isn't even really noticed or cared about by the mail
transport agent (i.e., sendmail, postfix, etc.).
It seems to me that the ease with which one can forge the From header has to
do with ease-of-use -- virtual hosting for smaller businesses or personal domains
and whatnot would be more difficult, and sending mail from a friend's account
so that replies would automatically come to your mailbox would be much harder.
Also, messages can be tracked easily without valid From headers.
The worst aspect of the ease of forging From headers, I think, is how hard it
is to explain them to victims of spam.
-Todd
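
An added example, not part of the original message: a Python check that compares the unauthenticated From: domain with the envelope sender recorded in Return-Path and lists the Received hops that make tracing possible. The sample message, hostnames and IP addresses are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; hosts and addresses are invented (documentation ranges).
RAW = """\
Return-Path: <bulk@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.com with ESMTP; Fri, 16 Jun 2000 10:02:11 -0500
Received: from unknown (HELO mailer.example.net) (198.51.100.7)
\tby mx.example.org with SMTP; Fri, 16 Jun 2000 10:02:09 -0500
From: "Bill Gates" <billgates@microsoft.com>
To: reader@example.com
Subject: hello

body
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def review(raw):
    """Compare From: with the envelope sender and list Received hops, oldest first."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # Each MTA prepends its own Received line, so reverse for chronological order.
    # Only hops added by servers you trust are reliable; earlier ones can be faked.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        # A mismatch is a prompt to look closer, not proof: mailing lists and
        # virtual hosting legitimately produce it.
        "mismatch": bool(from_dom and env_dom and from_dom != env_dom),
        "hops": hops,
    }


if __name__ == "__main__":
    for key, value in review(RAW).items():
        print(key, "=", value)
```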