Security Basics mailing list archives

Re: Protection against fake mails

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 9 Apr 2008 21:03:47 +0200

On 2008-04-09 WALI wrote:

If we a do a google search for the following string "Send free,
anonymous and easy fake email", one of the sites we get is
'deadfake.com'...and many others. I can send an email to myself from
myself by filling in the two fields at the website.

Technically, what such sites seems to be doing is that, such mailers
add an X-Mailer attribute to the message header indicating the message
origin, and an X-Originating-Ip (a real one).

How do I guard against such emails originating from fake email
impersonations.


In one word: not.

Does anything stop you from writing arbitrary return addresses on snail
mail? E-mail is no different.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Current thread:

Port Monitoring Software Tinu Koshy (CISD) (Apr 09)
- RE: Port Monitoring Software Dan Denton (Apr 09)
- RE: Port Monitoring Software Steve Anderson (Apr 09)
  - RE: Port Monitoring Software Nathan Sherlock (Apr 09)
- Re: Port Monitoring Software Charles H. Leggett (Apr 09)
- Re: Port Monitoring Software infolookup (Apr 09)
- RE: Port Monitoring Software Stachowicz, Mark (Apr 09)
- RE: Port Monitoring Software Mohamed Senan (Apr 09)
  - Re: Port Monitoring Software Jarrod Frates (Apr 09)
  - Protection against fake mails WALI (Apr 09)
    - Re: Protection against fake mails Ansgar -59cobalt- Wiechers (Apr 09)
    - Re: Protection against fake mails Mark Owen (Apr 09)
    - Re: Protection against fake mails Captain Bock (Apr 10)
    - RE: Protection against fake mails Jens C. Laundrup (Apr 10)
    - Re: Protection against fake mails Captain Bock (Apr 14)
    - Re: Protection against fake mails Jarrod Frates (Apr 12)
    - Re: Protection against fake mails vipw01 () gmail com (Apr 14)
    - Re: Protection against fake mails Jeff MacDonald (Apr 10)
    - RE: Protection against fake mails Jens C. Laundrup (Apr 10)
    - Re: Protection against fake mails Nick Owen (Apr 10)
    - RE: Protection against fake mails Craig Wright (Apr 14)

(Thread continues...)