How is it okay for sendmail to send emails from any domain?
I just tried my hand with the sendmail function as documented in Mail::Sendmail.
I saw that I was able to send mail with a userid from any domain as long as I have an SMTP server running on localhost. How is this okay? Or am I missing something?
For instance, I was able to deliver emails with a from address such as <myname>@microsoft.com and it did deliver the same way onto my Gmail inbox. It did not even get into any junk folder.
Congrats: you've just discovered email spoofing! :)
SMTP does not perform authentication of the sort you imply that it should, e.g. verifying that someone is authorized to send mail from a certain domain -- so anyone with a machine who knows how to run sendmail can do this.
Most anti-spoofing measures rely on the owner of a domain (e.g. microsoft.com) doing something which amounts to authenticating whether a message is really from them. For example, they may list every domain they normally send mail from; that's roughly what Sender Policy Framework does.
If the recipient's server gets a message purporting to be from microsoft.com, it can check to see if that domain lists the server that sent the message. If it doesn't, it will likely increase the probability that it's rated as spam.
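
The receiving-side check described in the answer above, as an added example that is not part of the original answer: a minimal Python evaluator for the ip4, ip6 and all mechanisms of an SPF record. The domains, records and IP addresses are constructed (documentation ranges), a dict stands in for the DNS TXT lookup, and mechanisms that need DNS (include, a, mx) are not handled.

```python
import ipaddress

# Constructed SPF TXT records; this dict stands in for the DNS lookup.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.org": "v=spf1 ip4:198.51.100.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, client_ip, records=SPF_RECORDS):
    """Return the SPF result for client_ip sending as sender_domain.

    sender_domain is the domain of the SMTP envelope sender (MAIL FROM),
    the identity SPF evaluates; client_ip is the connecting server.
    """
    record = records.get(sender_domain.lower())
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            # Membership is False when the address families differ.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            raise NotImplementedError(f"needs DNS, not handled here: {term}")
    return "neutral"  # nothing matched and there was no "all"


if __name__ == "__main__":
    # Constructed scenario: a host outside the listed ranges claims example.com.
    for domain, ip in [("example.com", "192.0.2.10"),
                       ("example.com", "203.0.113.7"),
                       ("example.org", "203.0.113.7"),
                       ("example.net", "203.0.113.7")]:
        print(f"{domain:12} from {ip:14} -> {check_spf(domain, ip)}")
```

A fail or softfail result is the signal the answer refers to: the receiving server can weigh it when deciding whether to rate the message as spam.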