Re: unexpected UNDELIVERED MAIL

From: Seth Arnold (sarnold@wirex.com)
Date: 11/30/01


Date: Fri, 30 Nov 2001 11:57:12 -0800
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com
Subject: Re: unexpected UNDELIVERED MAIL
Message-ID: <20011130115712.C7800@wirex.com>


On Fri, Nov 30, 2001 at 01:52:48PM +0100, Eric Santonacci wrote:
> For a week now, I have been receiving undelivered email notifications for mail that neither I
> nor anyone in my domain sent. I thought that someone (a spammer) had hacked
> my SMTP server, but it seems they are just using my domain name as the address mail appears
> to come from. Is there any possibility to stop that, to know who does this or
> something else against this practice? Except filtering incoming mail.

The SMTP protocol makes it trivial to forge this information.

For kicks, some day, look up the SMTP RFC (I think it is distinct from
RFC 822, the email-format RFC, but 822 might be a start :) and get the
gist of SMTP.

I'd imagine any sysadmin who has set up a more-than-simple SMTP server
knows enough SMTP by heart to make forged emails that look like they
came from you.

Giving it a shot, by memory, without the aid of an SMTP server to tell
me if I got it right or wrong..

nc smtp-host smtp
HELO eric-santonacci.domain
MAIL FROM:<eric-santonacci@eric-santonacci.domain>
RCPT TO:<spammer-victim@victom.domain>
DATA
From: eric-santonacci@eric-santonacci.domain
To: You could be a winner!
Subject: You could be a winner!

You may have already won!
.

Note that since this forged email need never go through your domain, or
involve your computers, you cannot stop this. (Note also that more
clever people might inject several Received: headers into the forged
email, to make it appear that the email had gone through your servers.)
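The following is an added example for this thread, not code from Seth's post or from any project he mentions. It shows what a defender can still check when a bounce or complaint arrives: the Received: headers. Only the line written by an MTA you trust (the one that actually received the message) is evidence; every older Received: line travelled inside the message and may have been typed by the sender, which is exactly the injection trick just described. All host names, addresses and the two sample messages are constructed for the example.

```python
"""
Triage a message that carries our domain in From: by reading its
Received: headers.  Added example, not code from the original post.
Only the Received: line written by the trusted receiving MTA is believed;
older lines are sender-supplied and treated as claims, not evidence.
All hosts, addresses and messages below are constructed.
"""
import email
import re
from email import policy

# Constructed: the hosts that legitimately hand out mail for our domain.
OUR_OUTBOUND_HOSTS = {"mail.eric-santonacci.domain"}
OUR_OUTBOUND_IPS = {"192.0.2.25"}

# Constructed forged message.  The real first hop (newest, at the top) was
# a dial-up host; the older line claiming a pass through our server was
# injected by the sender before the DATA was sent.
FORGED = """\
Received: from dsl-pool-17.example.net (dsl-pool-17.example.net [203.0.113.17])
\tby mx.victom.domain with SMTP id abc123; Fri, 30 Nov 2001 12:00:00 -0800
Received: from mail.eric-santonacci.domain (mail.eric-santonacci.domain [192.0.2.25])
\tby relay.example.net with ESMTP; Fri, 30 Nov 2001 11:59:00 -0800
From: eric-santonacci@eric-santonacci.domain
To: spammer-victim@victom.domain
Subject: You could be a winner!

You may have already won!
"""

# Constructed genuine message for contrast: the trusted hop came from us.
GENUINE = """\
Received: from mail.eric-santonacci.domain (mail.eric-santonacci.domain [192.0.2.25])
\tby mx.victom.domain with ESMTP id def456; Fri, 30 Nov 2001 12:05:00 -0800
From: eric-santonacci@eric-santonacci.domain
To: friend@victom.domain
Subject: Lunch?

Still on for Friday?
"""

# "from <helo> (<rdns> [<ip>]) ... by <host>": the HELO name is whatever the
# sender said; the rDNS name and IP are what the 'by' host observed itself.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]\))?"
    r".*?\bby\s+(?P<by>\S+)"
)


def parse_received(msg):
    """Return the Received: hops, newest first, as dicts of regex groups."""
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(str(value).split()))
        if m:
            hops.append(m.groupdict())
    return hops


def mentions_our_servers(hop):
    """True if the hop names one of our hosts or addresses in any role."""
    names = {hop["helo"], hop["rdns"], hop["by"]}
    return bool(names & OUR_OUTBOUND_HOSTS) or hop["ip"] in OUR_OUTBOUND_IPS


def triage(raw, trusted_by):
    """Decide whether `raw` really left our servers.  `trusted_by` is the
    MTA whose Received: line we believe; it must have written the top line."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = parse_received(msg)
    if not hops or hops[0]["by"] != trusted_by:
        return {"verdict": "unknown",
                "reason": "no Received: line from the trusted MTA"}
    first = hops[0]
    from_us = (first["rdns"] in OUR_OUTBOUND_HOSTS
               or first["ip"] in OUR_OUTBOUND_IPS)
    # Older lines are sender-supplied: any that name our servers beneath a
    # first hop that is not ours are the injected-header tell.
    claims = [h for h in hops[1:] if mentions_our_servers(h)]
    handed_in_by = first["ip"] or first["helo"]
    return {
        "verdict": "ours" if from_us else "forged",
        "handed_in_by": handed_in_by,
        "claims_our_servers": claims,
        "reason": ("trusted hop came from our server" if from_us else
                   "trusted hop came from %s, which is not ours" % handed_in_by),
    }


if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("genuine", GENUINE)):
        result = triage(raw, "mx.victom.domain")
        print(label, "->", result["verdict"], "|", result["reason"],
              "| injected claims:", len(result["claims_our_servers"]))
```

When you are handling a bounce rather than the original message, the trusted MTA is the one that accepted the spam in the first place (its Received: line is usually quoted inside the bounce), and the same rule applies: the only hop that tells you anything is the one written by a server you have no reason to distrust.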

As far as I can tell, there aren't many solutions to this problem. You
could educate recipients of email claiming to come from you that you gpg
sign all your outgoing email. This won't work real well, since the
people complaining are probably not the people who would know it is
forged if it didn't have a gpg sig.

Another option is to ditch SMTP altogether, and use a different protocol
for email, such as one described by Dan Bernstein (probably linked
somewhere at http://cr.yp.to/) -- one that sends a short note to the
recipient that an email is waiting at your server for them to read, that
they can pick up at their leisure.

This option would be ideal -- however, trying to convince every single
user on the internet to ditch SMTP in favor of a relatively obscure
(and possibly un-implemented?) protocol probably is doomed to
failure.[1]

In short -- you're stuck telling the people who complain that the email
didn't come from you. (Yes, spammers sometimes use this technique to get
lists of people who read their email. You *might* be better off just
deleting them all.)

Cheers!

[1]: I've been thinking that the USPS, UPS, FedEx, or someone
traditionally respected for moving objects in the physical world, could
make a killing by setting up spam-free mail services using a similar
protocol, that would work only among the various companies that sign up
for the support .. if one takes a spam-happy attitude, USPS, UPS, FedEx,
whoever, kills the email support from the company. (By the way, if this
email is ever the genesis of a truly successful setup like this, I would
be amenable to offers to give me money for the idea. :)

-- 
"Soldiers quartered in a populous town will always occasion two mobs
where they prevent one. They are wretched conservators of the peace."
-- John Adams
