Here's a thought I just thunk, folks: some scum, apparently in eastern
Europe, has harvested my email, and is using it in the Reply-To: in its
spamming efforts. Now, I realize that some mails go out from noreply, but
other than that, is there a good reason why a mailserver would not be
configured to send delivery failure to *both* Reply-To and From?
mark
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
08-31-2011, 08:21 PM
Josh Miller
dealing with spoofing
On 08/31/2011 01:16 PM, m.roth@5-cent.us wrote:
> Here's a thought I just thunk, folks: some scum, apparently in eastern
> Europe, has harvested my email, and is using it in the Reply-To: in its
> spamming efforts. Now, I realize that some mails go out from noreply, but
> other than that, is there a good reason why a mailserver would not be
> configured to send delivery failure to *both* Reply-To and From?
There are two parts to an email that relate to routing; envelope header
and email header. The only consideration given to routing is the
envelope header which has sender and recipient, nothing else.
Reply-To is part of the email header and is there for the email client
to use.
(See RFCs 2821, 2822.)
HTH,
--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
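Added example, not part of the thread: a Python illustration of the envelope/header split described in the reply above. It parses a constructed SMTP client transcript (every address is a placeholder, and the function names are made up for this example) and reports where a non-delivery report would be sent, including the null-sender case.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed SMTP client transcript; every address is a placeholder.
TRANSCRIPT = """\
EHLO mailer.example.net
MAIL FROM:<bounces@sender.example.net>
RCPT TO:<nobody@recipient.example.org>
DATA
From: "Sales" <sales@sender.example.net>
Reply-To: victim@example.com
To: nobody@recipient.example.org
Subject: constructed sample

Body text.
.
QUIT
"""

def split_envelope_and_headers(transcript):
    """Separate the SMTP envelope from the headers carried inside DATA."""
    envelope = {"mail_from": None, "rcpt_to": []}
    data, in_data = [], False
    for line in transcript.splitlines():
        if in_data:
            if line == ".":                  # end-of-data marker
                in_data = False
            else:                            # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
            continue
        sender = re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I)
        rcpt = re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I)
        if sender:
            envelope["mail_from"] = sender.group(1)
        elif rcpt:
            envelope["rcpt_to"].append(rcpt.group(1))
        elif line.strip().upper() == "DATA":
            in_data = True
    msg = message_from_string("\n".join(data))
    headers = {h: parseaddr(msg.get(h, ""))[1] for h in ("From", "Reply-To")}
    return envelope, headers

def ndr_destination(transcript):
    """A bounce goes to the envelope sender; a null sender (<>) gets none."""
    envelope, _ = split_envelope_and_headers(transcript)
    return envelope["mail_from"] or None
```

The Reply-To value only exists inside the DATA payload, so a server that follows RFC 5321 never consults it when choosing a bounce address.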
08-31-2011, 08:37 PM
Josh Miller
dealing with spoofing
On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
> Josh Miller wrote:
>> On 08/31/2011 01:27 PM, m.roth@5-cent.us wrote:
>>> Stephen Harris wrote:
>>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>>> its spamming efforts. Now, I realize that some mails go out from
> <snip>
>>>> Anyway, the SMTP server should send the delivery failure to the
>>>> envelope address, which may be different to both the From and Reply-To
>>>> addresses.
>>>>
>>> That would be lovely. Unfortunately, a high percentage seem to use the
>>> Reply-To address. Trust me, the last four or five months, I've gotten
>>
>> The Reply-To address is an optional component of the email header and is
>> not used in email routing by mail servers.
>
> I'm well aware that it's an optional component.
Thank you for that clarification.
> <snip>
>> Mail server will send NDRs (non-delivery receipts) back to the envelope
>> sender every time with no regard for From or Reply-To.
>
> You're saying it uses the envelope, not if exists Reply-To, else From? The
> problem I have with that is that a few of them have returned the email,
> with full headers, and I see the *only* reference to my email address is
> in the Reply-To.
You are seeing the "full" email headers. You will not see the envelope
headers unless you capture packets or view mail server logs, etc.
--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
08-31-2011, 08:43 PM
Josh Miller
dealing with spoofing
On 08/31/2011 01:37 PM, Josh Miller wrote:
> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>> Josh Miller wrote:
>>> On 08/31/2011 01:27 PM, m.roth@5-cent.us wrote:
>>>> Stephen Harris wrote:
>>>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>>>> its spamming efforts. Now, I realize that some mails go out from
>> <snip>
>>>>> Anyway, the SMTP server should send the delivery failure to the
>>>>> envelope address, which may be different to both the From and Reply-To
>>>>> addresses.
>>>>>
>>>> That would be lovely. Unfortunately, a high percentage seem to use the
>>>> Reply-To address. Trust me, the last four or five months, I've gotten
>>>
>>> The Reply-To address is an optional component of the email header and is
>>> not used in email routing by mail servers.
>>
>> I'm well aware that it's an optional component.
>
> Thank you for that clarification.
>
>> <snip>
>>> Mail server will send NDRs (non-delivery receipts) back to the envelope
>>> sender every time with no regard for From or Reply-To.
>>
>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>> problem I have with that is that a few of them have returned the email,
>> with full headers, and I see the *only* reference to my email address is
>> in the Reply-To.
>
> You are seeing the "full" email headers. You will not see the envelope
> headers unless you capture packets or view mail server logs, etc.
>
>
Mark,
Why don't you use your SPF record to prevent spoofing (to most
providers...)?
> dig -t txt 5-cent.us
...
5-cent.us. 14400 IN TXT "v=spf1 a mx ptr include:hostmonster.com ?all"
...
You have one but you're not using it to prevent spoofing.
--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
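Added example, not part of the thread: a Python audit of the SPF record quoted in the post above, showing why a record ending in `?all` does not ask receivers to reject unlisted senders. The function names and STRICT_RECORD (a constructed variant for comparison, not a record anyone in the thread published) are assumptions of this example; a `-all` policy is only safe once every legitimate sending host is listed.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost a DNS query during evaluation (RFC 7208 caps these at 10).
DNS_TERMS = {"a", "mx", "ptr", "include", "exists", "redirect"}

def parse_spf(record):
    """Split an SPF TXT value into (qualifier, name, argument) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # the default when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        match = re.match(r"([A-Za-z0-9_.-]+)[:=/]?(.*)", term)
        if not match:
            raise ValueError(f"malformed term: {term!r}")
        parsed.append((qualifier, match.group(1).lower(), match.group(2)))
    return parsed

def audit_spf(record):
    """Report what the record asks receivers to do with unlisted senders."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    # With no "all", the result is neutral unless a redirect takes over.
    default = "redirect" if "redirect" in names else "neutral"
    for qualifier, name, _ in terms:
        if name == "all":
            default = QUALIFIERS[qualifier]
            break                            # terms after "all" are ignored
    findings = []
    if default not in ("fail", "redirect"):
        findings.append(f"unlisted senders get '{default}', not 'fail'")
    if "ptr" in names:
        findings.append("'ptr' is discouraged by RFC 7208")
    lookups = sum(1 for name in names if name in DNS_TERMS)
    if lookups > 10:
        findings.append("more than 10 DNS-querying terms (permerror)")
    return {"unlisted": default, "dns_terms": lookups, "findings": findings}

# Record quoted in the post above, and a stricter constructed variant.
PAGE_RECORD = "v=spf1 a mx ptr include:hostmonster.com ?all"
STRICT_RECORD = "v=spf1 a mx include:hostmonster.com -all"
```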
08-31-2011, 08:47 PM
Stephen Harris
dealing with spoofing
On Wed, Aug 31, 2011 at 04:27:00PM -0400, m.roth@5-cent.us wrote:
> Stephen Harris wrote:
> > Anyway, the SMTP server should send the delivery failure to the envelope
> > address, which may be different to both the From and Reply-To addresses.
> >
> That would be lovely. Unfortunately, a high percentage seem to use the
> Reply-To address. Trust me, the last four or five months, I've gotten
> probably hundreds, if not more, of delivery failures. And I wind up at
> least glancing at them, in case email to this list, or to a friend, has
> bounced.
Envelopes can be forged just as easily as any header.
--
rgds
Stephen
08-31-2011, 08:48 PM
Bowie Bailey
dealing with spoofing
On 8/31/2011 4:37 PM, Josh Miller wrote:
> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>> problem I have with that is that a few of them have returned the email,
>> with full headers, and I see the *only* reference to my email address is
>> in the Reply-To.
> You are seeing the "full" email headers. You will not see the envelope
> headers unless you capture packets or view mail server logs, etc.
Actually, what you are interested in is the envelope sender that the
remote server saw. And there is no way for you to see that unless you
have access to the remote server's logs.
--
Bowie
08-31-2011, 08:48 PM
Mailing Lists
dealing with spoofing
http://www.openspf.org/Introduction - SPF FTW
On Wed, Aug 31, 2011 at 4:47 PM, Stephen Harris <lists@spuddy.org> wrote:
> On Wed, Aug 31, 2011 at 04:27:00PM -0400, m.roth@5-cent.us wrote:
> > Stephen Harris wrote:
> > > Anyway, the SMTP server should send the delivery failure to the envelope
> > > address, which may be different to both the From and Reply-To addresses.
> > >
> > That would be lovely. Unfortunately, a high percentage seem to use the
> > Reply-To address. Trust me, the last four or five months, I've gotten
> > probably hundreds, if not more, of delivery failures. And I wind up at
> > least glancing at them, in case email to this list, or to a friend, has
> > bounced.
> Envelopes can be forged just as easily as any header.
> --
> rgds
> Stephen
08-31-2011, 08:50 PM
Josh Miller
dealing with spoofing
On 08/31/2011 01:48 PM, Bowie Bailey wrote:
> On 8/31/2011 4:37 PM, Josh Miller wrote:
>> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>>> problem I have with that is that a few of them have returned the email,
>>> with full headers, and I see the *only* reference to my email address is
>>> in the Reply-To.
>> You are seeing the "full" email headers. You will not see the envelope
>> headers unless you capture packets or view mail server logs, etc.
>
> Actually, what you are interested in is the envelope sender that the
> remote server saw. And there is no way for you to see that unless you
> have access to the remote server's logs.
>
That is not true as the remote server will present the envelope header
to your mail server upon connection.
--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
08-31-2011, 09:39 PM
Always Learning
dealing with spoofing
On Wed, 2011-08-31 at 16:33 -0400, m.roth@5-cent.us wrote:
> You're saying it uses the envelope, not if exists Reply-To, else From? The
> problem I have with that is that a few of them have returned the email,
> with full headers, and I see the *only* reference to my email address is
> in the Reply-To.
Will you tell us what mail server (MTA) is doing that ?
Paul.
08-31-2011, 09:43 PM
Always Learning
dealing with spoofing
On Wed, 2011-08-31 at 13:50 -0700, Josh Miller wrote:
> That is not true as the remote server will present the envelope header
> to your mail server upon connection.
Surely the FROM is <> ?
Paul