Old 08-31-2011, 08:24 PM
Stephen Harris
 
Default dealing with spoofing

> Here's a thought I just thunk, folks: some scum, apparently in eastern
> Europe, has harvested my email, and is using it in the Reply-To: in its
> spamming efforts. Now, I realize that some mails go out from noreply, but
> other than that, is there a good reason why a mailserver would not be
> configured to send delivery failure to *both* Reply-To and From?

You don't want to send rejects to more than one address 'cos you then
have a simple message multiplier; send one message, generate two bounces;
the mail server will be doubling the back-scatter problem!

Anyway, the SMTP server should send the delivery failure to the envelope
address, which may be different to both the From and Reply-To addresses.

--

rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 08:27 PM
 
Default dealing with spoofing

Stephen Harris wrote:
>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>> Europe, has harvested my email, and is using it in the Reply-To: in its
>> spamming efforts. Now, I realize that some mails go out from noreply,
>> but
>> other than that, is there a good reason why a mailserver would not be
>> configured to send delivery failure to *both* Reply-To and From?
>
> You don't want to send rejects to more than one address 'cos you then
> have a simple message multiplier; send one message, generate two bounces;
> the mail server will be doubling the back-scatter problem!
>
> Anyway, the SMTP server should send the delivery failure to the envelope
> address, which may be different to both the From and Reply-To addresses.
>
That would be lovely. Unfortunately, a high percentage seem to use the
Reply-To address. Trust me, the last four or five months, I've gotten
probably hundreds, if not more, of delivery failures. And I wind up at
least glancing at them, in case email to this list, or to a friend, has
bounced.

mark

 
Old 08-31-2011, 08:29 PM
Mailing Lists
 
Default dealing with spoofing

Spam filter that'll authorize the sending before receiving? Just a thought to stop the hundreds of emails...

On Wed, Aug 31, 2011 at 4:27 PM, <m.roth@5-cent.us> wrote:

Stephen Harris wrote:
>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>> Europe, has harvested my email, and is using it in the Reply-To: in its
>> spamming efforts. Now, I realize that some mails go out from noreply,
>> but
>> other than that, is there a good reason why a mailserver would not be
>> configured to send delivery failure to *both* Reply-To and From?
>
> You don't want to send rejects to more than one address 'cos you then
> have a simple message multiplier; send one message, generate two bounces;
> the mail server will be doubling the back-scatter problem!
>
> Anyway, the SMTP server should send the delivery failure to the envelope
> address, which may be different to both the From and Reply-To addresses.
>
That would be lovely. Unfortunately, a high percentage seem to use the
Reply-To address. Trust me, the last four or five months, I've gotten
probably hundreds, if not more, of delivery failures. And I wind up at
least glancing at them, in case email to this list, or to a friend, has
bounced.

mark
 
Old 08-31-2011, 08:29 PM
Josh Miller
 
Default dealing with spoofing

On 08/31/2011 01:27 PM, m.roth@5-cent.us wrote:
> Stephen Harris wrote:
>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>> Europe, has harvested my email, and is using it in the Reply-To: in its
>>> spamming efforts. Now, I realize that some mails go out from noreply,
>>> but
>>> other than that, is there a good reason why a mailserver would not be
>>> configured to send delivery failure to *both* Reply-To and From?
>>
>> You don't want to send rejects to more than one address 'cos you then
>> have a simple message multiplier; send one message, generate two bounces;
>> the mail server will be doubling the back-scatter problem!
>>
>> Anyway, the SMTP server should send the delivery failure to the envelope
>> address, which may be different to both the From and Reply-To addresses.
>>
> That would be lovely. Unfortunately, a high percentage seem to use the
> Reply-To address. Trust me, the last four or five months, I've gotten
> probably hundreds, if not more, of delivery failures. And I wind up at
> least glancing at them, in case email to this list, or to a friend, has
> bounced.

Mark,

The Reply-To address is an optional component of the email header and is
not used in email routing by mail servers.

If the Reply-To is absent, mail clients compose a message to be sent to
the sender listed in the From field instead.

Mail server will send NDRs (non-delivery receipts) back to the envelope
sender every time with no regard for From or Reply-To.


--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
 
Old 08-31-2011, 08:33 PM
 
Default dealing with spoofing

Josh Miller wrote:
> On 08/31/2011 01:27 PM, m.roth@5-cent.us wrote:
>> Stephen Harris wrote:
>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>> its spamming efforts. Now, I realize that some mails go out from
<snip>
>>> Anyway, the SMTP server should send the delivery failure to the
>>> envelope address, which may be different to both the From and Reply-To
>>> addresses.
>>>
>> That would be lovely. Unfortunately, a high percentage seem to use the
>> Reply-To address. Trust me, the last four or five months, I've gotten
>
> The Reply-To address is an optional component of the email header and is
> not used in email routing by mail servers.

I'm well aware that it's an optional component.
<snip>
> Mail server will send NDRs (non-delivery receipts) back to the envelope
> sender every time with no regard for From or Reply-To.

You're saying it uses the envelope, not if exists Reply-To, else From? The
problem I have with that is that a few of them have returned the email,
with full headers, and I see the *only* reference to my email address is
in the Reply-To.

mark

 
Old 08-31-2011, 08:57 PM
 
Default dealing with spoofing

Josh Miller wrote:
> On 08/31/2011 01:37 PM, Josh Miller wrote:
>> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>>> Josh Miller wrote:
>>>> On 08/31/2011 01:27 PM, m.roth@5-cent.us wrote:
>>>>> Stephen Harris wrote:
>>>>>>> Here's a thought I just thunk, folks: some scum, apparently in
>>>>>>> eastern Europe, has harvested my email, and is using it in the
>>>>>>> Reply-To: in its spamming efforts. Now, I realize that some
>>> <snip>
>>>>>> Anyway, the SMTP server should send the delivery failure to the
>>>>>> envelope address, which may be different to both the From and
>>>>>> Reply-To addresses.
<snip>
>
> Why don't you use your SPF record to prevent spoofing (to most
> providers...)?
>
> > dig -t txt 5-cent.us
> ...
> 5-cent.us. 14400 IN TXT "v=spf1 a mx ptr
> include:hostmonster.com ?all"
> ...
>
> You have one but you're not using it to prevent spoofing.

Um, because I'm not that deep into that? Thank you, I'll look at setting
that up. One question: is that in my registrar, or my hosting site? Given
it's an MX record, I'm guessing it's the former.

mark

 
Old 08-31-2011, 08:59 PM
Josh Miller
 
Default dealing with spoofing

On 08/31/2011 01:57 PM, m.roth@5-cent.us wrote:
> Josh Miller wrote:
>> On 08/31/2011 01:37 PM, Josh Miller wrote:
>>> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>>>> Josh Miller wrote:
>>>>> On 08/31/2011 01:27 PM, m.roth@5-cent.us wrote:
>>>>>> Stephen Harris wrote:
>>>>>>>> Here's a thought I just thunk, folks: some scum, apparently in
>>>>>>>> eastern Europe, has harvested my email, and is using it in the
>>>>>>>> Reply-To: in its spamming efforts. Now, I realize that some
>>>> <snip>
>>>>>>> Anyway, the SMTP server should send the delivery failure to the
>>>>>>> envelope address, which may be different to both the From and
>>>>>>> Reply-To addresses.
> <snip>
>>
>> Why don't you use your SPF record to prevent spoofing (to most
>> providers...)?
>>
>> > dig -t txt 5-cent.us
>> ...
>> 5-cent.us. 14400 IN TXT "v=spf1 a mx ptr
>> include:hostmonster.com ?all"
>> ...
>>
>> You have one but you're not using it to prevent spoofing.
>
> Um, because I'm not that deep into that? Thank you, I'll look at setting
> that up. One question: is that in my registrar, or my hosting site? Given
> it's an MX record, I'm guessing it's the former.

It's a DNS record. Hostmonster is authoritative for your domain, so
you'll likely use them.

--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
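
An added example (not part of the thread or any poster's code): a small Python audit of the SPF record quoted above, showing what the trailing `?all` tells receivers about senders the record does not list. `STRICT_RECORD` is a constructed comparison and the function names are this example's own.

```python
import re

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Record from the dig output in the thread (mail line-wrap joined).
PAGE_RECORD = "v=spf1 a mx ptr include:hostmonster.com ?all"
# Constructed comparison; assumes all legitimate mail leaves via the listed hosts.
STRICT_RECORD = "v=spf1 a mx include:hostmonster.com -all"

def parse_spf(record):
    """Return [(result_if_matched, mechanism, argument)] for an SPF record."""
    words = record.split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for word in words[1:]:
        if re.match(r"[A-Za-z][\w.-]*=", word):
            continue  # modifier (redirect=, exp=); skipped here
        qualifier = word[0] if word[0] in RESULTS else "+"
        body = word[1:] if word[0] in RESULTS else word
        m = re.match(r"([A-Za-z0-9]+)(.*)", body)
        if not m:
            raise ValueError(f"unparseable term: {word!r}")
        terms.append((RESULTS[qualifier], m.group(1).lower(), m.group(2).lstrip(":")))
    return terms

def audit_spf(record):
    """Report what the record says about senders it does not list."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    default = "neutral"  # RFC 7208: nothing matched and no 'all' -> neutral
    findings = []
    if "all" in names:
        idx = names.index("all")
        default = terms[idx][0]
        if idx < len(terms) - 1:
            findings.append("mechanisms after 'all' are never evaluated")
    if default != "fail":
        findings.append(f"unlisted senders get '{default}', not 'fail'")
    if "ptr" in names:
        findings.append("'ptr' is discouraged by RFC 7208")
    return {"default": default, "findings": findings}

if __name__ == "__main__":
    for rec in (PAGE_RECORD, STRICT_RECORD):
        print(rec, "->", audit_spf(rec))
```

SPF is evaluated against the SMTP envelope sender (MAIL FROM) and the HELO name, so a stricter record affects mail that forges the domain there, not an address that appears only in Reply-To.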
 
Old 08-31-2011, 09:00 PM
Bowie Bailey
 
Default dealing with spoofing

On 8/31/2011 4:50 PM, Josh Miller wrote:
> On 08/31/2011 01:48 PM, Bowie Bailey wrote:
>> On 8/31/2011 4:37 PM, Josh Miller wrote:
>>> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>>>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>>>> problem I have with that is that a few of them have returned the email,
>>>> with full headers, and I see the *only* reference to my email address is
>>>> in the Reply-To.
>>> You are seeing the "full" email headers. You will not see the envelope
>>> headers unless you capture packets or view mail server logs, etc.
>> Actually, what you are interested in is the envelope sender that the
>> remote server saw. And there is no way for you to see that unless you
>> have access to the remote server's logs.
>>
> That is not true as the remote server will present the envelope header
> to your mail server upon connection.

Yes, but the issue was in confirming which email address was used in
that connection. If you assume that the remote server is replying to
the envelope header, then yes. But if you are trying to confirm that,
then you do not have enough data.

You could, of course, create your own message with known (and differing)
From, Reply-To, and envelope headers and watch the result.

--
Bowie
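
An added example (not part of the thread): one way to run the experiment suggested above, in Python, using a differently tagged address for the envelope sender, From and Reply-To so that the address a bounce arrives at identifies which one the remote server used. The `example.org` addresses, the plus-tag delivery on your own server and the sample bounce are assumptions constructed for this example.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical tagged addresses on a domain you control (example.org is a
# placeholder); assumes your server delivers plus-tagged addresses.
PROBE = {
    "envelope": "probe+env@example.org",
    "from": "probe+from@example.org",
    "reply-to": "probe+replyto@example.org",
}

def build_probe(rcpt):
    """Build a message whose From and Reply-To differ from the envelope sender."""
    msg = EmailMessage()
    msg["From"] = PROBE["from"]
    msg["Reply-To"] = PROBE["reply-to"]
    msg["To"] = rcpt
    msg["Subject"] = "bounce-path probe"
    msg.set_content("Probe addressed to a mailbox that does not exist.")
    # The envelope sender is not a header; it is the SMTP MAIL FROM argument:
    # smtplib.SMTP(host).send_message(msg, from_addr=PROBE["envelope"])
    return msg

def bounce_target(raw_bounce):
    """Return which probe identity a returned bounce was addressed to."""
    bounce = message_from_string(raw_bounce, policy=policy.default)
    for header in ("Delivered-To", "X-Original-To", "To"):
        addr = parseaddr(str(bounce.get(header, "")))[1].lower()
        for identity, tagged in PROBE.items():
            if addr == tagged:
                return identity
    return "unknown"

# Constructed sample: a bounce from a server that follows the envelope sender.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.remote.example
To: probe+env@example.org
Subject: Undelivered Mail Returned to Sender

<nobody@mx.remote.example>: user unknown
"""

if __name__ == "__main__":
    print(bounce_target(SAMPLE_BOUNCE))
```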
 
Old 08-31-2011, 09:33 PM
Always Learning
 
Default dealing with spoofing

On Wed, 2011-08-31 at 16:16 -0400, m.roth@5-cent.us wrote:

> Here's a thought I just thunk, folks: some scum, apparently in eastern
> Europe, has harvested my email, and is using it in the Reply-To: in its
> spamming efforts. Now, I realize that some mails go out from noreply, but
> other than that, is there a good reason why a mailserver would not be
> configured to send delivery failure to *both* Reply-To and From?

May I suggest you create a sub-domain and a user name, then use that in
public places? For example:-

mark@xyz.5-cent.us

As soon as the nasty ******** get that email address, simply change the
sub-domain.

If you receive your own mails (meaning run your own mail server) then do
not accept emails from sites where the host name does not exist or does
not resolve to the HELO / EHLO or the IP address of the sending server.

There are lots of other things you can do to reduce the spam, but only
if you run your own mail server or use Google to filter out the spam.

Paul.


 
