Mailing List Archive



[tlug] narisumashi mail?



Darren Cook writes:

 > I have a couple of yahoo.co.jp accounts, mainly for testing. One just
 > said "このメールは、なりすましメールの可能性があります".

When you say, "one just said ...", I'm going to assume you mean you
received a mail from somewhere, and the Yahoo! MUA displayed that
message about that mail.

What this means (usually; there are other criteria, such as the
obvious case of a mail purporting to be from a Yahoo! mail account
which didn't originate on a machine logged into a Yahoo! server) is
the mail purports to be from a domain that signs its mail using the
"DKIM" protocol (there's an RFC, I forget which one) or perhaps the
"SPF" protocol (another RFC, IIRC, but SPF is flawed enough that it
may never have made it to the RFC stage).  These protocols involve
asking the DNS for information about the sender (in the case of SPF, a
special SPF record for the originating machine, in the case of DKIM, a
public key for the purported domain).

SPF merely authenticates the originating host as allowed to send mail
for the domain.  DKIM also guarantees integrity of some portion of the
message (a minimum of the originator headers, up to a maximum of the
whole message minus later trace headers).

 > Looking up なりすまし it defined it as the username/password may
 > have been stolen, so someone may be using the account who is not
 > the real holder. That made no sense - it could apply to any email
 > account on the internet.

That's quite misleading.  The usual English term is "spoofing", and
what it means is that an unauthorized party is claiming an identity
(here, the email address in Sender, if it exists, otherwise in From).
However, because the Internet was designed for "friendly users", in
most protocols, the sender is actually anonymous (or can be), and any
credentials in the content are unverified.  A fairly exact translation
of narisumashi would be impersonation, but "spoofing" in email usually
is not construed to include stolen credentials, but rather simply
abusing someone's trust.

Spoofing is especially easy in email and netnews, but IP and domain
spoofing are also common (the former requires subverting a router, the
latter a nameserver).  Again, the point here is that you trust
(without justification) other parties on the Internet to give you
valid information about identities, without actually authenticating
the identity itself.
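
Added example (not part of the original message): the DKIM lookup and coverage described above, shown by parsing a DKIM-Signature header in Python. The sample message, the domain example.jp and the selector sel2024 are constructed; the code reports what the signature claims to cover and where the public key would be looked up in the DNS, and does not verify the signature itself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); domains, selector and bh/b values are placeholders.
SAMPLE = """\
Received: from mx.example.net by mail.example.org; Mon, 1 Jan 2024 00:00:00 +0900
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.jp;
 s=sel2024; h=from:to:subject:date; l=120;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.jp>
To: bob@example.org
Subject: test
Date: Mon, 1 Jan 2024 00:00:00 +0900

body
"""

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)  # drop folding whitespace
    return tags

def dkim_summary(raw):
    """Report what the first DKIM-Signature claims to cover, without verifying it."""
    msg = message_from_string(raw)
    sig = msg.get("DKIM-Signature")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sig is None:
        return {"signed": False, "from_domain": from_domain}
    t = parse_tags(sig)
    d = t.get("d", "").lower()
    signed = [h.lower() for h in t.get("h", "").split(":") if h]
    unsigned = [h.lower() for h in msg.keys()
                if h.lower() not in signed and h.lower() != "dkim-signature"]
    return {
        "signed": True,
        "from_domain": from_domain,
        "key_dns_name": f"{t.get('s', '')}._domainkey.{d}",  # TXT record with the public key
        "signed_headers": signed,
        "unsigned_headers": unsigned,          # e.g. trace headers added in transit
        "from_covered": "from" in signed,
        "body_fully_covered": "l" not in t,    # l= limits how much of the body is hashed
        "domain_matches_from": from_domain == d or from_domain.endswith("." + d),
    }
```

A message whose From domain publishes DKIM keys but which arrives with no signature, or with a d= that does not match the From domain, is the kind of case in which a mail client can show a warning like the one quoted at the top.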


