Security Basics mailing list archives

Re: email security issue


From: chort <chort () amaunetsgothique com>
Date: Wed, 11 Jun 2003 09:16:49 -0700 (PDT)


On Tue, 10 Jun 2003, Shar wrote:

A website I own has had the main email address identity stolen.  Someone
from somewhere in the world is sending out spam around the world.  This has
been going on since Sunday.  I am trying to stop this but I have been unable
to read the header for the information I need.  Can anyone help me with
this?


What exactly do you mean by "identity" stolen?  Do you mean the account
itself was compromised and someone is actually logging into that account
and sending messages?  Do you mean that someone is sending mail with
that address as the RFC822 From: header?  It's important to know the
distinction.  The first you may have control over, the second you do
not.

Due to the nature of SMTP, anyone is able to claim to be anyone else.
There's nothing you can do about it because there aren't any kind of
technical restrictions on just making up an e-mail address and putting
it in your message header.

If you can locate someone who received one of the SPAMs, have them save
the entire message, including the headers.  If you can pass along a copy
with headers intact I'll show you where the message was sent from, but
that could have been obscured using anonymous proxies and such.  A
bounce message (which no doubt you're being flooded with) is unlikely to
do much good, since it probably doesn't include all the original
information (but if it does have the original headers, again let me know
and I'll point you in the right direction).

At this point the best you can do is post a statement on your website
to the effect that someone is maliciously using your address in their
messages.

-- 
-chort

Alexx
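
The header trace offered in the reply above, sketched as an added example that is not part of the original post. It walks the Received: lines of a saved message and reports the peer IP logged by the recipient's own servers; the sample message, host names, IPs and the trusted suffix are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (documentation IPs and .example domains, not real traffic).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Wed, 11 Jun 2003 08:00:05 -0700
Received: from relay.unknown.example (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP id B2; Wed, 11 Jun 2003 08:00:03 -0700
Received: from yoursite.example (mail.yoursite.example [198.51.100.7])
\tby relay.unknown.example with SMTP id C3; Wed, 11 Jun 2003 07:59:58 -0700
From: webmaster@yoursite.example
To: someone@recipient.example
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>]) by <host>": a common Received layout, assumed here.
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return Received hops, newest first, as (helo, rdns, ip, by_host)."""
    msg = message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)  # \s+ also spans folded header lines
        if m:
            found.append(m.groups())
    return found

def handoff(raw, trusted_suffixes):
    """Return (ip, unverified). Each server prepends its own Received line, so
    only the unbroken run of trusted 'by' hosts at the top is reliable; ip is
    the peer logged by the deepest of them, and every hop below it could have
    been written by the sender."""
    chain = hops(raw)
    ip, depth = None, 0
    for _helo, _rdns, peer_ip, by_host in chain:
        if not by_host.lower().endswith(tuple(trusted_suffixes)):
            break
        ip, depth = peer_ip, depth + 1
    return ip, len(chain) - depth

if __name__ == "__main__":
    print(handoff(SAMPLE, [".recipient.example"]))
```

In the sample, the bottom Received line names yoursite.example, but it was written by a host outside the recipient's control and carries no more weight than the From: header.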


