Until now, we have assumed that hackers use network-sniffing software to intercept confidential data; however, there is as much danger in forged or spoofed data. Chapter 5 on SMTP/POP3 demonstrates how the sender can specify the originating email address arbitrarily, making it easy to send an email that appears to have come from someone else’s account. One can imagine the havoc this would cause if a student were to send an email purporting to be from a professor saying, “All lectures have been canceled. You can all go home now, and we’ve decided to give you all an A+ on your exams.”

This chapter deals with the tricky issue of confirming that a client is who he says ...