Re: hotmail users receive email as (unknown)?

[Ben Goren <ben@trumpetpower.com>]

On Thu, Jun 06, 2002 at 09:50:35PM +0000, Paul Pruett wrote:

> solution-
>
> hotmail started seeing subject  and from properly after removing
> some custom settings to our sendmail.mc
>
> I like  the concept of not  telling the version of  mail server,
> but somethin  in the define  causes mail sent to  hotmail.com to
> confuse header.

This  is a  seldom-cited  cost  in the  security-through-obscurity
model.  Sure, you may gain a  bit by putting some stumbling blocks
in the way of the inexperienced, but you also put various sumbling
blocks  in your  own way. Consider  all  the time  wasted in  this
effort, if nothing else....

While you might not  want to go out of your way  to tell the world
what your systems are, it makes just about as much sense to try to
hide that fact. If your security is good, the attackers won't have
any more success whether or  not they know what you're running. If
your security is weak, it probably  just means that it'll be days,
rather than hours, before you get 0wn3d.

Yes,  there are  exceptions. If there  was a  known attack  and no
known solution,  some obfuscation may be  prudent. I'm sure others
can  think of  other exceptions. But,  absent a  specific problem,
there are much better things to do with your time.

b&

--
Ben Goren
 mailto:ben@trumpetpower.com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W

[demime 0.98d removed an attachment of type application/pgp-signature]