Spam being sent using my email address

  • 13-02-2006 4:20pm
    #1
    Registered Users, Registered Users 2 Posts: 4,479 ✭✭✭


    Hey Guys,

    I was reading here a few months back about a problem known as email injection. Not sure who it was but basically a form on somebody's website was being used to send spam. A simple few lines of code would solve the problem.

    At the time I discovered that I was having this trouble on my brother's website and I actually removed the forms. This past week an inbox for the site in question has been receiving failed delivery reports on emails being sent using its address. The report looks like this:

    Hi. This is the qmail-send program at beryllium.3dpixelnet.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <jankoent@sprynet.com>:
    207.69.200.17 does not like recipient.
    Remote host said: 550 jankoent@sprynet.com...User unknown
    Giving up on 207.69.200.17.

    --- Below this line is a copy of the message.

    Return-Path: <paul@dalymotoring.com>
    Received: (qmail 3206 invoked by uid 0); 9 Feb 2006 11:12:55 -0000
    Date: 9 Feb 2006 11:12:55 -0000
    Message-ID: <20060209111255.3205.qmail@beryllium.3dpixelnet.com>
    From: paul@xxxxxxx.com
    To: jankoent@sprynet.com
    CC:
    Subject: Re: For you and your women
    Content-Type: text/plain; charset=utf-8
    Content-Disposition: inline
    Content-Transfer-Encoding: 8bit

    The from field is my brother's email address. What exactly is happening here? Is the person trying to use this email address to send spam having success with only the occasional failure being sent back to my brother? How do I stop this?


Comments

  • Closed Accounts Posts: 382 ✭✭misterq


    you can't stop spam or virus mails faking the from address. Occasionally you might be unfortunate enough to be the from address, but most of the time they are non-existent.

    It shouldn't be something you should lose too much sleep over unless they are actually originating from your brother's website or PC.


  • Registered Users, Registered Users 2 Posts: 673 ✭✭✭Bananna man


    I have a similar problem. I am getting spam mails (about 200 a day now) addressed from my own website all with different names ahead of my domain name e.g. the@irishpokeronline.com

    Is there anything I can do to sort this out or just hope it sorts itself out?

    Thanks


  • Registered Users, Registered Users 2 Posts: 4,479 ✭✭✭wheres me jumpa


    It seems they are using my brother's email address as the from field. I'm not sure how many are being sent but there were ten failure reports in his inbox today.


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    There's no simple solution to this, but turning off any "catch all" address you have on the domain can help mitigate the situation, as at least that way you won't get the bounces back on the invalid return path


  • Registered Users, Registered Users 2 Posts: 4,479 ✭✭✭wheres me jumpa


    Cheers Blacknight.

    How exactly are they doing this? I'm curious to know the technique.


  • Subscribers Posts: 9,716 ✭✭✭CuLT


    It's easy enough to fake the From field, I occasionally get messages like that bounced back to my eircom email address. I probably posted it carelessly in a few places years back.

    There are spam programs designed specifically to hammer email addresses "anonymously", you'd probably find them if you googled for them.
    I tested one out by sending myself fifty mails with the From field as "god@heaven.com" :)

    That said, it could just as easily have been used to send a load of password request emails to people with "support@microsoft.com" as the from field.


  • Registered Users, Registered Users 2 Posts: 804 ✭✭✭TimTim


    If I understand correctly, why don't you add an SPF record to your domain?

    Because if those emails are being sent from a mail server other than your own (or what you specified) then any SPF aware mailserver should drop them like a hot potato.


  • Closed Accounts Posts: 220 ✭✭esskay


    Want to send email from someone else's address, just look at this prog
    http://www.freedownloadscenter.com/Email_Tools/Mail_Clients/Umail.html
    This 500k freeware prog will let you enter the "from" address so you can send from any address. Easy, isn't it...... ;)


  • Registered Users, Registered Users 2 Posts: 4,479 ✭✭✭wheres me jumpa


    TimTim wrote:
    If I understand correctly, why don't you add an SPF record to your domain?

    Because if those emails are being sent from a mail server other than your own (or what you specified) then any SPF aware mailserver should drop them like a hot potato.

    How do I do this?


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    esskay wrote:
    Want to send email from someone else's address, just look at this prog
    http://www.freedownloadscenter.com/Email_Tools/Mail_Clients/Umail.html
    This 500k freeware prog will let you enter the "from" address so you can send from any address. Easy, isn't it...... ;)
    You can also do this in Outlook. Just set up another account with the email address you wish to spoof, and stick this address in the from field.

    The main problem is that the bulk of domains don't have SPF records (mine don't :o) and the bulk of SMTP servers don't use SMTP authentication. Even without these two things, it's a simple enough problem to sort, but there are a lot of people out there managing mail servers without a clue and/or hosting providers who don't care all that much.

    The basic rundown of a conversation between a client and a mail server goes like this:
    MS: I'm a mailserver.
    Client: Hello, I'm client1
    MS: Hi client1.
    Client: I'd like to send a mail from joe.bloggs@company.com
    MS: Okay.
    Client: I'd like to send this mail to jane.doe@otherco.com
    MS: Okay.
    Client: I'll now tell you what I'm going to send
    MS: Okay, fire away and let me know when you're done.
    Client: <blahblahblahblah>
    Client: I'm done.
    MS: OK, thanks. Let me know if you want to send another.
    This is the way that many transactions go. As you can see, there's zero attempt to make sure that the sender (or recipient) is valid.

    There are a few general ways to prevent just anyone from inserting any data in the above transaction:
    Modern mailservers will allow you to restrict the sending of mail depending on where the person is connecting from. Corporate mailservers, for example, can insist that a sender is only connected to their domain, otherwise reject the mail. They can also insist that the "from" field uses only @mydomain.com.

    ISPs are a little more lax, as customers may want to send/receive mail from multiple accounts. They usually just insist that you are connected to their network. If you try to use the mail server to send mail while you are connected to a different ISP, you'll be told "Relaying Not Allowed for ..."
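
The two relay policies described in the post above, written as the decision a mail server makes for each sender/recipient pair. This is an added example, not part of the thread and not any real server's code: the `RelayPolicy` class, the networks (private and documentation ranges), the domains and the reply texts are constructed, and accepting mail addressed to the server's own domains from anywhere is assumed as ordinary inbound delivery.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RelayPolicy:
    local_domains: set           # domains this server accepts mail for
    trusted_nets: list           # networks whose clients may relay outward
    enforce_sender_domain: bool  # corporate style: sender must be @local


# Constructed policies matching the two cases in the post.
CORPORATE = RelayPolicy({"mydomain.com"}, ["10.0.0.0/8"], True)
ISP = RelayPolicy({"isp.example"}, ["198.51.100.0/24"], False)


def domain_of(address):
    return address.rpartition("@")[2].lower()


def smtp_decision(policy, client_ip, mail_from, rcpt_to):
    """Return the reply the server gives after MAIL FROM / RCPT TO."""
    ip = ipaddress.ip_address(client_ip)
    inside = any(ip in ipaddress.ip_network(n) for n in policy.trusted_nets)
    if domain_of(rcpt_to) in policy.local_domains:
        # Inbound delivery: the claimed sender is not verified at this step.
        return "250 OK"
    if not inside:
        return f"550 Relaying not allowed for {rcpt_to}"
    if (policy.enforce_sender_domain
            and domain_of(mail_from) not in policy.local_domains):
        return f"550 Sender {mail_from} not permitted from this network"
    return "250 OK"


if __name__ == "__main__":
    cases = [
        (CORPORATE, "10.1.2.3", "joe.bloggs@mydomain.com", "jane.doe@otherco.com"),
        (CORPORATE, "10.1.2.3", "someone@elsewhere.example", "jane.doe@otherco.com"),
        (ISP, "198.51.100.20", "joe.bloggs@company.com", "jane.doe@otherco.com"),
        (ISP, "203.0.113.7", "joe.bloggs@company.com", "jane.doe@otherco.com"),
    ]
    for policy, ip, sender, rcpt in cases:
        print(ip, sender, "->", smtp_decision(policy, ip, sender, rcpt))
```

The inbound branch is where forged senders still get through: the server checks who may relay, not whether the sending host is entitled to the address it claims.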


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    TimTim wrote:
    If I understand correctly, why don't you add an SPF record to your domain?

    Because if those emails are being sent from a mail server other than your own (or what you specified) then any SPF aware mailserver should drop them like a hot potato.

    The problem with SPF is that only a small number of domains are publishing SPF records and not that many tools are actively blocking SPF failures.

    Sure - you could configure your own mail server to drop the SPF failures, but that wouldn't solve the issue of the bouncebacks ..


  • Closed Accounts Posts: 39 Arch-Stanton


    Another nasty piece of work is Beijing Express, when the spammer sends his mail the “email address From” picks up the server address of the server the victim's email account is hosted on.

    It’s a pity that one of the best tools technology has to offer (email) is perverted by some.

