[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: My Apologies - I just got Rooted
- From: Henk Boom <henk@...>
- Date: Mon, 28 Feb 2011 17:59:39 -0500
On 28 February 2011 10:50, Axel Kittenberger <axkibe@gmail.com> wrote:
>> Actually, it's a little more complicated than that. In this case, I didn't
>> look carefully but it would appear that Steve's credentials were
>> compromised, i.e. he lost control over his GMail account.
>
> It doesnt matter, SMTP has no sender identification mechanism. I can
> send email form anybody. Some SMTP transfer agents only accept emails
> from registered users, so if you know that agent is one, and you
> inspect the headers in detail you can tell.
>
> Thats why everybody should digitially sign all his/her emails. But we
> are all just too lazy too, and this digital signing / checking and
> keyring plugins aren't too popular. A few people care, but its not
> mainstream.
>
> BTW: Writing this from gmail myself, I didn't notice anyway a
> possibility to easily digitally sign my emails, or check the
> signatures of others in a keyring.
Although looking at the headers, it seems that we can at least verify
that your email came from gmail.com. We still have to trust them, of
course ;)
http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
henk
