From Address Forged

To be perfectly clear: 'forging' mail headers to get around mail-from
authentication is not accepted behaviour. 

To quote from ripe-120: "Each RIPE database object has an optional
attribute called mnt-by (maintained by).  The value of the mnt-by
attribute is a reference to a mntner object in the database which
describes those authorised to make changes to the object."

So forging the mail header must be seen as a deliberate attempt to
modify data one is not authorised to modify and defeating a protection
scheme (however weak) to do so.  This is a crime in most places
nowadays.  If it is true and we can identify the person who did this
beyond doubt, they will owe all "victims" more than an apology. 

This is the first I hear of mail-from protected objects being modified
too.  I have been on travel for more than a week now and was not at the
NCC when this happened.  So my knowledge about the facts is sketchier
than I'd like.  If this is true I would assume malicious intent on the
part of the the person concerned.  I have asked the database staff to
look into this a bit further. 

More tomorrow (European time)

Daniel



  > Wilhelm Buehler <hostmaster at xlink.net> writes:
  > 
  > But you should not use the auth: MAIL-FROM !!!
  > 
  > We were happy with the MAIL-FROM for years now ... but our "friend" 
  > from rain.fr knows to fake message-id and from-line.
  > 
  > | >   From:    Trevor McBryan <hostmaster at xlink.net>
  > | >   Cc:      hostmaster at xlink.net         
  > | >   Subject: longack 
  > | >   Date:    Wed, 28 Oct 1998 12:34:27 +0000
  > | >   Msg-Id:  <36370F53.30E4F99F at xlink.net>
  > |
  > | [...]  
  > |
  > | Delete OK: [person] MW1699-RIPE (Martin Weber)