E-mail provides no security. An e-mail can be forged simply by using telnet to c... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		guinness on June 18, 2010 \| parent \| context \| favorite \| on: How I "hacked" Dustin Curtis's Posterous. E-mail provides no security. An e-mail can be forged simply by using telnet to connect to and SMP server (usually your ISPs) and typing the appropriate message (see wikipedia SMTP. The easiest fix for this is PGP as mentionned in previous posts. This is, however, a horrible solution since it will alienate many users (think your mother). The simplest solution that will do a good enough job is to send back an e-mail to the user with a 'preview' of his post for him to OK it since receiving e-mails is more secure.

ergo98 on June 19, 2010 [–]

Which provides a great way to spam people. The preview idea sucks.

SPF solves almost all of the issue. Unique mailing addresses should be available for users who want it (yeah most people can handle an address book). The absence of those is just grossly incompetent.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact