Security Basics mailing list archives

Re: Mail relay question


From: "0x90" <secbasics () spam gagspace com>
Date: Sat, 23 Feb 2008 01:41:59 +0100


The vast majority of the spam appears to be returned email because the
destination domain doesn't have a recipient for the email.
The (spoofed) originator of the returned email is gibberish or random
names @myhomedomain.com

Right. Those are all random attempts. Not very efficient, if you ask me. But yeah, there's a lot of them, and you shouldn't be bothered by it.


I don't understand why the IP of the connecting client can craft an email FROM a
domain the IP does not resolve to?


This is how it works. You can be anywhere and send an e-mail. You could be the client of 3 ISPs at 3 different locations, using 3 different outgoing SMTP servers, and still use the same email address. Whatever you configure in your client will be used. There is no way a server can decide if you are who you say you are. Like the others said, read the SMTP RFC or google for simple examples / resources.


Maybe it used to belong to someone else? But that would make the emails
more specific to past owner I would think....

Most of the spam is just general crap not specific to anything. Stock scam, 'medicine', etc. It's possible it was somebody else's before, but I doubt you could tell the difference just by the content of these. You can always just google for the domain in question.


-->What risk.
Depends, my thought was that my wife will trust anything sent to her as
long as it appears to come from me.


Digital signature, common sense, little teaching, maybe a combination of these... BTW the client usually displays the name from the 'From:' field, not the email. So unless they know exactly what name you set (John Doe, Doe, John, JDoe, Johnny, etc), your wife will notice the difference from the previous emails and should get suspicious.

Cheers,
0x90
http://hax.tor.hu/
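
Added example, not part of the original post: a Python triage sketch for the returned mail discussed in this message. It reads each bounce, pulls the From address out of the returned original, and flags it as backscatter when the local part is not a mailbox that exists at the home domain. `REAL_MAILBOXES`, the `example.net` hosts and the sample bounce are constructed assumptions; `myhomedomain.com` is the name used in the thread.

```python
from email import message_from_string, policy
from email.utils import parseaddr

HOME_DOMAIN = "myhomedomain.com"   # domain as written in the thread
REAL_MAILBOXES = {"john", "jane"}  # assumption: the only real local parts

# Constructed bounce (not real traffic); {sender} is the forged address.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: {sender}
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net

--b1
Content-Type: text/rfc822-headers

From: "John Doe" <{sender}>

--b1--
"""

def original_sender(raw):
    """From address of the message a bounce (DSN) is returning, else None."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None                           # not a delivery status notification
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":         # whole original message attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":  # only its headers attached
            inner = message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        return parseaddr(str(inner.get("From", "")))[1].lower() or None
    return None

def classify(raw):
    sender = original_sender(raw)
    if sender is None:
        return "not-a-bounce"  # not a DSN, or no original headers to inspect
    local, _, domain = sender.rpartition("@")
    if domain == HOME_DOMAIN and local not in REAL_MAILBOXES:
        return "backscatter"   # no such mailbox here, so nobody here sent it
    return "review"            # a real mailbox is named: compare with sent mail
```

A "review" result is not proof that the mail was genuine, since a real mailbox name can be forged just as easily as a random one.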





