[jdev] spoofing "from" attributes
Richard Dobson
richard at dobson-i.net
Tue Feb 22 04:06:18 CST 2005
> I know, but I don't understand why I can send messages to local users and
> not to users of other servers.
Because thats up to you if you want to spoof messages to your local users,
since as the system admin you are going to be the only person able to do it.
> If this is evil it should be forbidden in both cases, and, moreover, I
> don't understand the error message, 'service unavailable' which is
> different from something like 'forbidden' or 'malformed', which should be
> more appropriate.
Possibly.
> FInally I completely understand why this is evil for client entities, but
> not for components (components are under direct control of system
A remote server cannot tell the difference between a component and a client,
and I would disbute your statement that its ok for components to be able to
spoof messages, it certainly is not.
> administrators, and if a spammer runs its own server, he or she could send
> any kined messages...).
No they cant, even if a spammer controls their own server they cannot spoof
messages, it is designed into the protocol to prevent that.
Richard
More information about the JDev
mailing list