Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: email security issue

From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 12 Jun 2003 10:50:50 -0700
  The extra values that SpamCop (and presumably other
services as well) bring to this, that I cannot rely on
my own brain[*] to provide, are:

1.  Syntax analysis to spot forged Received: headers.
(Your message below sounds like you don't believe they
ever happen.  They do.)

2.  Database cross-reference to known open relays and boxes
that do not reliably/correctly report message sources in
the headers they add.  (Servers do not generally volunteer
this information about themselves in the headers.)

3.  (Not always needed...) Automatic lookup of abuse-reporting
addresses, often with an indication of how seriously that
authority takes complaints.

[*] ... and I modestly claim that I have more experience with 
this than a vast majority of users, and even many administrators.

David Gillett



-----Original Message-----
From: Richard H. Cotterell [mailto:seec () mail retina ar]
Sent: June 12, 2003 06:22
To: gillettdavid () fhda edu; shar () cybermilieu com;
security-basics () securityfocus com
Subject: RE: email security issue




Ref: David Gillett <gillettdavid () fhda edu>'s
     message dated Wednesday, June 11, 2003, 9:02 hours.

... [text discarded as irrelevant to the answer being given].


 Most users who've been on line for more than a month or two
have learned that they cannot trust the From: header to correctly
report the source of a spam message.  There are various utilities,
such as http://www.spamcop.net, that will analyze other headers to
try to determine the actual origin (or at least the last open proxy
used).


I fail to see why one has to use a service such as *spamcop* 
to analyze 
headers when all one has to do is take a good look at the *Received:* 
information that will list all tha machines that handled the mail.

The best anyone wishing to learn about mail headers can do, 
is to take a 
look at Gerald Boyd's pages on the subject at <http://www.expita.com>.

... [snipped for the same reason as the introduction].



David Gillett



-----Original Message-----
From: Shar [mailto:shar () cybermilieu com]
Sent: June 10, 2003 17:58
To: security-basics () securityfocus com
Subject: email security issue


A website I own has had the main email address identity 
stolen.  Someone
from somewhere in the world is sending out spam around the 
world.  This has
been going on since Sunday.  I am trying to stop this but I 
have been unable
to read the header for the information I need.  Can anyone 
help me with
this?

Alexx



--------------------------------------------------------------
-------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by 
top analysts!
The Gartner Group just put Neoteris in the top of its 

Magic Quadrant,

while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure 
remote access in
about an hour, with no client, server changes, or ongoing 

maintenance.

          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
--------------------------------------------------------------
--------------






--
Richard H. Cotterell  <mailto:seec () mail retina ar>

You don't make the poor richer by making the rich poorer.
  -Sir Winston Leonard Spencer Churchill




---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: