[jdev] spoofing "from" attributes
Fabio Forno
fabio.forno at polito.it
Tue Feb 22 03:59:06 CST 2005
Ryan Eatmon wrote:
>
> Jabber is somewhat explicity designed NOT to allow for spoofing like
> this. That kind of thing opens the door for spam that you cannot track
> down.
>
I know, but I don't understand why I can send messages to local users
and not to users of other servers. If this is evil it should be
forbidden in both cases, and, moreover, I don't understand the error
message, 'service unavailable' which is different from something like
'forbidden' or 'malformed', which should be more appropriate.
FInally I completely understand why this is evil for client entities,
but not for components (components are under direct control of system
administrators, and if a spammer runs its own server, he or she could
send any kined messages...).
--
Fabio Forno, Ph.D. - Research Assistant
Politecnico di Torino - Dip. Automatica e Informatica
C.so Duca degli Abruzzi 24 - 10129 Torino (Italy)
Phone: +39 011 2276 102 - JabberId: sciasbat at jabber.linux.it
More information about the JDev
mailing list