Re: hide real e-mail address

t-4-2 wrote:
The " keeper " is a classmate with her husband as technical support. None of them could it figure out.

"FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx> wrote in message news:OVkh8IYjJHA.3716@xxxxxxxxxxxxxxxxxxxxxxx
"t-4-2" <dhuang1@xxxxxxxxx> wrote in message news:OdQcZoTjJHA.3716@xxxxxxxxxxxxxxxxxxxxxxx
Not sure where to post this question.
WLM 14v.
My alumni group website received an anonymous letter with invalid (fake ) address.
This alumni group site is Membership Only. Members must provide valid e-mail addresses and nobody is to send messages to the group without membership and valid acknowledged address.
So, my question is, how did this happen ? How did the message get through, and how did the sender use faked address and still be able to send the message out ? We want to stop this. Please advise. Thank you.
P.S. The anonymous message is NOT malicious. It contains concern of group's policy and requests changes. It is obviously sent by a current member. But still ........ did we get hacked ?

It seems to me that the software at the website that is supposed
to filter out e-mail that doesn't comply with having acknowledged
addresses is broken - or that the perpetrator has access to the
acknowledged and accepted e-mail to edit it with a fake address
after it has arrived.

Who has the keys to the kingdom?

Most mail clients allow a person to use a "Reply to" address. Most of them use this if you supply it, if you do not then they use the "Real" email address you used to set up the account. For example I could have ctame@xxxxxxxxx for one account and charlie@xxxxxxxxx for another but in the first I use charlie@xxxxxxxxx as the "Reply to" address thus no matter which I am using to "Send" with, the replies when people click on "Reply" will come to the same address, charlie@xxxxxxxxxx

(Both of those are "Fake" by the way because posting an email address in a newsgroup like this will get you 1000 spam emails a day :)

So it is perfectly possible that the person has a fake address for good reason and accidentally posted to the group using it, the address your server saw may have been his / her real one, although you would normally "See" the fake reply to address listed in the post.

But, you also asked how he / she was able to send the post. Well, his / her sending server probably doesn't care, in fact it's your receiving server that has to care, and generally there would be a list of acceptable senders usually called a "White List". Even if there IS a white list it can still fall victim to "Fake" addressing, but that's not something you can ever totally prevent.

I think you may be worrying about something that is not terribly important, especially as the post was not malicious.