[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: hotmail users receive email as (unknown)?
On Thu, Jun 06, 2002 at 09:50:35PM +0000, Paul Pruett wrote:
> hotmail started seeing subject and from properly after removing
> some custom settings to our sendmail.mc
> I like the concept of not telling the version of mail server,
> but somethin in the define causes mail sent to hotmail.com to
> confuse header.
This is a seldom-cited cost in the security-through-obscurity
model. Sure, you may gain a bit by putting some stumbling blocks
in the way of the inexperienced, but you also put various sumbling
blocks in your own way. Consider all the time wasted in this
effort, if nothing else....
While you might not want to go out of your way to tell the world
what your systems are, it makes just about as much sense to try to
hide that fact. If your security is good, the attackers won't have
any more success whether or not they know what you're running. If
your security is weak, it probably just means that it'll be days,
rather than hours, before you get 0wn3d.
Yes, there are exceptions. If there was a known attack and no
known solution, some obfuscation may be prudent. I'm sure others
can think of other exceptions. But, absent a specific problem,
there are much better things to do with your time.
[demime 0.98d removed an attachment of type application/pgp-signature]