Which of the following best describes why e-mail spoofing is easily executed?
A.
SMTP lacks an adequate authentication mechanism.
B.
Administrators often forget to configure an SMTP server to prevent inbound SMTP connections for domains it doesn’t serve.
C.
Keyword filtering is technically obsolete.
D.
Blacklists are undependable.
Explanation:
A: E-mail spoofing is easy to execute because SMTP lacks an adequate authentication mechanism. An attacker can spoof e-mail sender addresses by sending a TELNET
command to port 25 of a mail server followed by a number of SMTP commands. Spammers use e-mail spoofing to obfuscate their identity. Oftentimes, the purported sender of a
spam e-mail is actually another victim of spam whose e-mail address has been sold to or harvested by a spammer.
B is incorrect because the answer alludes to open mail relay servers. The failure to configure an SMTP server to prevent SMTP connections for domains it doesn’t serve is not
a common mistake. It is well known that an open mail relay allows spammers to hide their identity and is a principal tool in the distribution of spam. Open mail relays are,
therefore, considered a sign of bad system administration. An open relay is not required for e-mail spoofing.
C is incorrect because keyword filtering is a countermeasure that can be used to help suppress spam. While keyword filtering by itself was popular at one time, it is no longer
an effective countermeasure when used just by itself. Keyword filtering is prone to false positives and spammers have found creative ways to work around it. For example,
keywords may be intentionally misspelled or one or two letters of a common word swapped with a special character.
D is incorrect because blacklists list open mail relay servers that are known for sending spam. Administrators can use blacklists to prevent the delivery of e-mail originating
from those hosts in an effort to suppress spam. However, blacklists cannot be depended upon for complete protection because they are often managed by private organizations
and individuals according to their own rules.
E-mail spoofing is easy to execute because SMTP lacks an adequate authentication mechanism. An attacker can spoof e-mail sender addresses by sending a TELNET
command to port 25 of a mail server followed by a number of SMTP commands. Spammers use e-mail spoofing to obfuscate their identity. Oftentimes, the purported sender of a spam e-mail is actually another victim of spam whose e-mail address has been sold to or harvested by a spammer.
電子郵件欺騙是很容易執行,因為SMTP缺乏足夠的認證機制。攻擊者可以通過發送TELNET欺騙的電子郵件發件人地址 命令到郵件服務器後跟數字SMTP命令的端口25。垃圾郵件發送者使用電子郵件欺騙混淆自己的身份。通常情況下,垃圾郵件的發送者本意實際上是垃圾郵件的另一個受害者的E-mail地址已出售或由垃圾郵件發送者收穫。
0
0