Here's an unpleasant thing noted by the Register: https://www.theregister.co.uk/2017/12/0 ... ofing_bug/ . Any thoughts as to whether the various MailWashers are vulnerable/fixable?
Chris M
'From' spoofing?
- rusticdog
- Firetrust Monkey
Post
Re: 'From' spoofing?
Doesn't look like the demo on his website is working right now, so I can't get the test payload emailed through. I've done a quick test with the example FROMs he posted on the website and it appears like MW isn't displaying the spoofed address, so that's good, but hopefully his demo will be up and running soon to be sure.
- davews
- Travelling Tuatara
Post
Re: 'From' spoofing?
When I did a test earlier from his demo I can confirm that the spoofed FROM was very obvious in Mailwasher and Pegasus Mail (a program not on his list). Most of his listed programs are ones I have never heard of, so maybe it is not the big issue he is making out.
- chrisrm
- Student Sheep
Post
Re: 'From' spoofing?
Kewl, relaxing would seem to be the order of the day... Thanks for the reassurance,
Chris M
Chris M
- rusticdog
- Firetrust Monkey
Post
Re: 'From' spoofing?
I got one email result through and MailWasher is incorrectly determining the From. Though as davews says, it is noticeable as well.
So there will be some work to do, but we use a pretty stock library for grabbing that information, so once they update that it'll be a simple process for us.
So there will be some work to do, but we use a pretty stock library for grabbing that information, so once they update that it'll be a simple process for us.