11

When a university-wide mailing list system restricts posting to a list based solely on the From address... I was able to telnet port 25 from an outside server (so obviously no SPF either), pretend I'm admin@, and send a message to all students and staff...

Comments
  • 0
    That's quite scary that they permit that.
  • 2
    I wouldn't be surprised if 95% of email servers out there allow you to do this. This sort of thing only gets sorted when spam email starts impersonating members of staff.
Add Comment