Re: email spoofed

From: Veronica Loell (lista_at_nakawe.se)
Date: 04/29/04


Date: Thu, 29 Apr 2004 23:45:18 +0200

Scott wrote / skrev:

> I have a website domain with several POP3 email accounts on it, and I am getting a lot of "mailer daemon"s, replies, etc from email addresses that I did not ever send mail to. How can I get rid of whatever/whoever is spoofing my addresses?

Many of the new viruses today are so-called mass-mailing worms. What
they do is, as the name suggests, try to spread through mass-mailing.
The actual process for this goes something like this:
1. A computer gets infected by the virus
2. The virus searches a wide array of files on the infected computer for
email-addresses (this includes address-books, html-pages, text-files and
 many more types of files)
3. The virus creates emails that are sent by the virus itself; it does
not use any email-program on the computer. These emails will have as
the From-address and the To-address any of the email-addresses that the
virus has harvested during 2. (The From-address in an email is just a
piece of text sent along with the email and does not even have to be a
valid address.)
4. The idea now is that some of the recipients will accidentally execute
the attached virus and thus get infected.
--------
A problem that many people experience is that there are some mailservers
set up to act very inappropriately. Even though most of the viruses sent
by email today are done so by mass-mailing worms, and hence the
From-address is fake, they still send a notification to that address.

You cannot identify the sender of an email, but you can identify what
ISP or network it originates from. The correct way to send a
notification/report of virus spam thus is based on first identifying the
ISP/network and then looking up the appropriate abuse-address.

More information about reporting virus-spam can be found at:
http://nakawe.sourceforge.net/MMM3/reporting.txt

More information about email and IP-address forging/spoofing can be
found at:
Tracking the source of email spam - http://www.rahul.net/falk/mailtrack.html
Introduction to IP Spoofing -
http://www.wbglinks.net/pages/reads/ipspoof/inrtotoipspoofing.html
Understanding Email Headers -
http://www.iinet.net.au/support/spam/understanding.html

- Veronica Loell
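
Added example (not part of the original post): a Python sketch of the first step described above, finding the network a message came from instead of trusting its From line. The sample message is constructed, and `mx.example.net` is an assumed name for the recipient's own mail server.

```python
import email
import ipaddress
import re

# Constructed sample: worm-generated mail with a forged From line.
# All host names and IPs are example values, not real systems.
SAMPLE = """\
Received: from dsl-host.example.org (dsl-host.example.org [203.0.113.45])
\tby mx.example.net (Postfix) with ESMTP id 1234ABCD
\tfor <scott@example.net>; Thu, 29 Apr 2004 21:40:02 +0000
Received: from mail.example.com (mail.example.com [198.51.100.7])
\tby dsl-host.example.org with SMTP; Thu, 29 Apr 2004 21:39:00 +0000
From: friend@example.com
To: scott@example.net
Subject: Re: your document

see attachment
"""

RECEIVED = re.compile(r"^from\s+(?P<src>.*?)\s+by\s+(?P<by>[^\s;]+)", re.I)
BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9a-f:.]+)\]", re.I)

def connecting_ip(raw, trusted_mta):
    """IP that connected to our own server (trusted_mta), or None.

    Only the topmost Received line written by our own server counts;
    everything below it was supplied by the sender and may be forged.
    """
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):
        hop = RECEIVED.match(" ".join(value.split()))  # unfold the header
        if not hop or hop.group("by").lower() != trusted_mta.lower():
            continue
        found = BRACKET_IP.search(hop.group("src"))
        if not found:
            return None
        try:
            return str(ipaddress.ip_address(found.group(1)))
        except ValueError:
            return None
    return None

def summarize(raw, trusted_mta):
    """Pair the claimed From text with the network-level origin."""
    msg = email.message_from_string(raw)
    return {"claimed_from": msg.get("From"),
            "connecting_ip": connecting_ip(raw, trusted_mta)}

if __name__ == "__main__":
    print(summarize(SAMPLE, "mx.example.net"))
```

The returned IP is what gets looked up (for example with whois) to find the ISP/network and its abuse-address; the From text plays no part in that lookup.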


