08-31-2011, 08:16 PM

dealing with spoofing

Here's a thought I just thunk, folks: some scum, apparently in eastern
Europe, has harvested my email, and is using it in the Reply-To: in its
spamming efforts. Now, I realize that some mails go out from noreply, but
other than that, is there a good reason why a mailserver would not be
configured to send delivery failure to *both* Reply-To and From?

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
08-31-2011, 08:21 PM
Josh Miller

dealing with spoofing

On 08/31/2011 01:16 PM, m.roth@5-cent.us wrote:
> Here's a thought I just thunk, folks: some scum, apparently in eastern
> Europe, has harvested my email, and is using it in the Reply-To: in its
> spamming efforts. Now, I realize that some mails go out from noreply, but
> other than that, is there a good reason why a mailserver would not be
> configured to send delivery failure to *both* Reply-To and From?

There are two parts to an email that relate to routing; envelope header
and email header. The only consideration given to routing is the
envelope header which has sender and recipient, nothing else.

Reply-To is part of the email header and is there for the email client
to use.

(See RFCs 2821, 2822.)

HTH,
--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
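
The split between envelope and header that this reply describes, as an added example that is not part of the original thread: it parses a constructed client-side SMTP session and reports which address a non-delivery report would go to. Every address is a made-up placeholder, and treating the null sender `<>` as "do not bounce" follows RFC 2821.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed client side of an SMTP session; every address is a made-up
# placeholder under a reserved .example domain.
SESSION = """\
EHLO relay.bulk.example
MAIL FROM:<bounce-sink@forged.example>
RCPT TO:<no-such-user@target.example>
DATA
From: "Great Offers" <offers@bulk.example>
Reply-To: mailbox-owner@harvested.example
To: no-such-user@target.example
Subject: hello

body text
.
QUIT
"""

def split_session(session):
    """Separate the envelope (MAIL FROM / RCPT TO) from the DATA payload."""
    sender, rcpts, data, in_data = None, [], [], False
    for line in session.splitlines():
        if in_data:
            if line == ".":            # a lone dot ends DATA
                in_data = False
            else:                      # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif m := re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I):
            sender = m.group(1)
        elif m := re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I):
            rcpts.append(m.group(1))
        elif line.upper() == "DATA":
            in_data = True
    return sender, rcpts, message_from_string("\n".join(data))

def analyze(session):
    """Report which address a non-delivery report would be sent to."""
    sender, rcpts, msg = split_session(session)
    return {
        "envelope_sender": sender,
        "envelope_rcpts": rcpts,
        "header_from": parseaddr(msg.get("From", ""))[1],
        "reply_to": parseaddr(msg.get("Reply-To", ""))[1],
        # Bounces go to the envelope sender; a null sender (<>) gets none.
        "bounce_to": sender or None,
    }
```

At final delivery the receiving server records the envelope sender in a Return-Path: header, which is the one place it shows up in a stored message.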
 
08-31-2011, 08:37 PM
Josh Miller

dealing with spoofing

On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
> Josh Miller wrote:
>> On 08/31/2011 01:27 PM, m.roth@5-cent.us wrote:
>>> Stephen Harris wrote:
>>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>>> its spamming efforts. Now, I realize that some mails go out from
> <snip>
>>>> Anyway, the SMTP server should send the delivery failure to the
>>>> envelope address, which may be different to both the From and Reply-To
>>>> addresses.
>>>>
>>> That would be lovely. Unfortunately, a high percentage seem to use the
>>> Reply-To address. Trust me, the last four or five months, I've gotten
>>
>> The Reply-To address is an optional component of the email header and is
>> not used in email routing by mail servers.
>
> I'm well aware that it's an optional component.

Thank you for that clarification.

> <snip>
>> Mail server will send NDRs (non-delivery receipts) back to the envelope
>> sender every time with no regard for From or Reply-To.
>
> You're saying it uses the envelope, not if exists Reply-To, else From? The
> problem I have with that is that a few of them have returned the email,
> with full headers, and I see the *only* reference to my email address is
> in the Reply-To.

You are seeing the "full" email headers. You will not see the envelope
headers unless you capture packets or view mail server logs, etc.


--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
 
08-31-2011, 08:43 PM
Josh Miller

dealing with spoofing

On 08/31/2011 01:37 PM, Josh Miller wrote:
> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>> Josh Miller wrote:
>>> On 08/31/2011 01:27 PM, m.roth@5-cent.us wrote:
>>>> Stephen Harris wrote:
>>>>>> Here's a thought I just thunk, folks: some scum, apparently in eastern
>>>>>> Europe, has harvested my email, and is using it in the Reply-To: in
>>>>>> its spamming efforts. Now, I realize that some mails go out from
>> <snip>
>>>>> Anyway, the SMTP server should send the delivery failure to the
>>>>> envelope address, which may be different to both the From and Reply-To
>>>>> addresses.
>>>>>
>>>> That would be lovely. Unfortunately, a high percentage seem to use the
>>>> Reply-To address. Trust me, the last four or five months, I've gotten
>>>
>>> The Reply-To address is an optional component of the email header and is
>>> not used in email routing by mail servers.
>>
>> I'm well aware that it's an optional component.
>
> Thank you for that clarification.
>
>> <snip>
>>> Mail server will send NDRs (non-delivery receipts) back to the envelope
>>> sender every time with no regard for From or Reply-To.
>>
>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>> problem I have with that is that a few of them have returned the email,
>> with full headers, and I see the *only* reference to my email address is
>> in the Reply-To.
>
> You are seeing the "full" email headers. You will not see the envelope
> headers unless you capture packets or view mail server logs, etc..
>
>

Mark,

Why don't you use your SPF record to prevent spoofing (to most
providers...)?

> dig -t txt 5-cent.us
...
5-cent.us. 14400 IN TXT "v=spf1 a mx ptr include:hostmonster.com ?all"
...

You have one but you're not using it to prevent spoofing.

--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
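
What the `?all` at the end of that record tells a receiving server, as an added example that is not part of the original post: a small parser that reports the SPF result for a host matching none of the listed mechanisms. The `-all` record is a constructed variant for comparison; only the first record comes from the dig output above.

```python
import re

# SPF qualifiers and the result each produces when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")   # e.g. redirect=, exp=

def parse_spf(record):
    """Return (mechanisms, modifiers) for an SPF version 1 TXT record.

    mechanisms is a list of (qualifier, name, argument) in evaluation order.
    """
    words = record.split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], {}
    for word in words[1:]:
        if MODIFIER.match(word):
            key, value = word.split("=", 1)
            modifiers[key.lower()] = value
            continue
        qualifier = word[0] if word[0] in QUALIFIERS else "+"   # "+" is implied
        rest = word[1:] if word[0] in QUALIFIERS else word
        m = re.match(r"([A-Za-z][A-Za-z0-9]*)(.*)", rest)
        if not m:
            raise ValueError("unparseable term: " + word)
        mechanisms.append((qualifier, m.group(1).lower(), m.group(2).lstrip(":")))
    return mechanisms, modifiers

def unlisted_sender_result(record):
    """SPF result for a host that matches none of the listed mechanisms."""
    mechanisms, modifiers = parse_spf(record)
    for qualifier, name, _ in mechanisms:
        if name == "all":                  # "all" always matches
            return QUALIFIERS[qualifier]
    if "redirect" in modifiers:            # policy continues in another record
        return "redirect:" + modifiers["redirect"]
    return "neutral"                       # no "all" and no redirect

PAGE_RECORD = "v=spf1 a mx ptr include:hostmonster.com ?all"    # from the dig output
STRICT_RECORD = "v=spf1 a mx ptr include:hostmonster.com -all"  # constructed variant

if __name__ == "__main__":
    for record in (PAGE_RECORD, STRICT_RECORD):
        print(unlisted_sender_result(record), "<-", record)
```

SPF is evaluated against the envelope sender domain (and the HELO name), so it has no effect on a message that carries the address only in Reply-To.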
 
08-31-2011, 08:47 PM
Stephen Harris

dealing with spoofing

On Wed, Aug 31, 2011 at 04:27:00PM -0400, m.roth@5-cent.us wrote:
> Stephen Harris wrote:
> > Anyway, the SMTP server should send the delivery failure to the envelope
> > address, which may be different to both the From and Reply-To addresses.
> >
> That would be lovely. Unfortunately, a high percentage seem to use the
> Reply-To address. Trust me, the last four or five months, I've gotten
> probably hundreds, if not more, of delivery failures. And I wind up at
> least glancing at them, in case email to this list, or to a friend, has
> bounced.

Envelopes can be forged just as easily as any header.

--

rgds
Stephen
 
08-31-2011, 08:48 PM
Bowie Bailey

dealing with spoofing

On 8/31/2011 4:37 PM, Josh Miller wrote:
> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>> problem I have with that is that a few of them have returned the email,
>> with full headers, and I see the *only* reference to my email address is
>> in the Reply-To.
> You are seeing the "full" email headers. You will not see the envelope
> headers unless you capture packets or view mail server logs, etc..

Actually, what you are interested in is the envelope sender that the
remote server saw. And there is no way for you to see that unless you
have access to the remote server's logs.

--
Bowie
 
08-31-2011, 08:48 PM
Mailing Lists

dealing with spoofing

http://www.openspf.org/Introduction - SPF FTW

On Wed, Aug 31, 2011 at 4:47 PM, Stephen Harris <lists@spuddy.org> wrote:
> On Wed, Aug 31, 2011 at 04:27:00PM -0400, m.roth@5-cent.us wrote:
> > Stephen Harris wrote:
> > > Anyway, the SMTP server should send the delivery failure to the envelope
> > > address, which may be different to both the From and Reply-To addresses.
> > >
> > That would be lovely. Unfortunately, a high percentage seem to use the
> > Reply-To address. Trust me, the last four or five months, I've gotten
> > probably hundreds, if not more, of delivery failures. And I wind up at
> > least glancing at them, in case email to this list, or to a friend, has
> > bounced.
>
> Envelopes can be forged just as easily as any header.
>
> --
>
> rgds
> Stephen

 
08-31-2011, 08:50 PM
Josh Miller

dealing with spoofing

On 08/31/2011 01:48 PM, Bowie Bailey wrote:
> On 8/31/2011 4:37 PM, Josh Miller wrote:
>> On 08/31/2011 01:33 PM, m.roth@5-cent.us wrote:
>>> You're saying it uses the envelope, not if exists Reply-To, else From? The
>>> problem I have with that is that a few of them have returned the email,
>>> with full headers, and I see the *only* reference to my email address is
>>> in the Reply-To.
>> You are seeing the "full" email headers. You will not see the envelope
>> headers unless you capture packets or view mail server logs, etc..
>
> Actually, what you are interested in is the envelope sender that the
> remote server saw. And there is no way for you to see that unless you
> have access to the remote server's logs.
>

That is not true as the remote server will present the envelope header
to your mail server upon connection.

--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
 
08-31-2011, 09:39 PM
Always Learning

dealing with spoofing

On Wed, 2011-08-31 at 16:33 -0400, m.roth@5-cent.us wrote:

> You're saying it uses the envelope, not if exists Reply-To, else From? The
> problem I have with that is that a few of them have returned the email,
> with full headers, and I see the *only* reference to my email address is
> in the Reply-To.

Will you tell us what mail server (MTA) is doing that?

Paul.


 
08-31-2011, 09:43 PM
Always Learning

dealing with spoofing

On Wed, 2011-08-31 at 13:50 -0700, Josh Miller wrote:

> That is not true as the remote server will present the envelope header
> to your mail server upon connection.

Surely the FROM is <> ?


Paul


 
