Firewall Wizards mailing list archives

RE: appropriate response for mail break-in


From: "Bill Royds" <broyds () rogers com>
Date: Sun, 27 Oct 2002 22:03:43 -0500

On Sept. 25 and 26th a spammer forged my email address as the From address for a "joejob" spam run. I have received over 
8000 bounce messages since then (and I am still receiving them as of a minute ago). 

There is only one unforgeable thing in an email header, the immediately preceding IP number that connected to your SMTP 
server to deliver the mail (the first Received line found in headers). 

What a firewall can do is ensure that the SMTP connection is correct and that the sender is on the outside of the firewall 
and comes from the sending MTA (sender domain has that MTA as MX or host is in the same domain) and the receiver is on the 
inside or vice versa. This is actually a stricter policy than most users want, but it can cut down on spam and spoofing.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Behm,
Jeffrey L.
Sent: Sun October 27 2002 20:43
To: 'firewall-wizards () honor icsalabs com '
Subject: RE: [fw-wiz] appropriate response for mail break-in


Are they actually using your account, or just spoofing the MAIL-FROM entry
in the header (trivial to do)?

I guess the question is, What leads you to believe they have "hacked" your
email account? 

If it is the trivial email header spoof, then reporting it to CERT would
not be fruitful, nor would changing your email password.

I personally have received email addressed to me, from me (with the header
spoofed). The delete function is typically how I deal with that.


-----Original Message-----
From: Ryan M. Ferris
To: firewall-wizards () honor icsalabs com

This is off topic. Someone is using my account to send me mail with binary
attachments. I have contacted my provider and asked to change my mail
password. I have sent on the message header to them. What is the next best
step? Do I file a report with CERT? Any thoughts?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
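
The policy described in the top message of this thread (trust only the connecting IP recorded in the first Received line, and require it to be an MX of the sender's domain or a host in that domain), as an added example that is not part of the original posts. It assumes a Postfix-style Received layout; the function names, MX_IPS (a dictionary standing in for DNS lookups) and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS: sender domain -> IPs of its MX hosts.
MX_IPS = {"example.net": {"192.0.2.10"}}

# "from HELO (rdns [ip])" clause written by our own MTA (Postfix-style layout assumed).
PEER_RE = re.compile(r"from\s+\S+\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9.]+)\]\)")

def connecting_peer(raw):
    """Return (ip, rdns) from the topmost Received header, the one our server added."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    m = PEER_RE.search(" ".join(received[0].split()))  # unfold continuation lines
    return (m.group("ip"), m.group("rdns").lower()) if m else None

def peer_matches_sender(raw, mx_ips=MX_IPS):
    """Policy check: the peer is an MX of the sender domain, or a host in that domain."""
    peer = connecting_peer(raw)
    sender = parseaddr(message_from_string(raw).get("Return-Path", ""))[1]
    if peer is None or "@" not in sender:
        return False
    domain = sender.rsplit("@", 1)[1].lower()
    ip, rdns = peer
    in_domain = rdns == domain or rdns.endswith("." + domain)
    return ip in mx_ips.get(domain, set()) or in_domain

# Constructed samples: a legitimate delivery and a joe-job style forgery whose
# HELO name and lower Received line both claim to be the victim's mail server.
LEGIT = (
    "Return-Path: <bill@example.net>\n"
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.inside.example (Postfix) with ESMTP id 1A2B3C; Sun, 27 Oct 2002 22:03:43 -0500\n"
    "From: bill@example.net\n\nhello\n"
)
FORGED = (
    "Return-Path: <bill@example.net>\n"
    "Received: from mail.example.net (unknown [203.0.113.50])\n"
    "\tby mx.inside.example (Postfix) with ESMTP id 4D5E6F; Sun, 27 Oct 2002 22:04:10 -0500\n"
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby relay.invalid with SMTP; Sun, 27 Oct 2002 22:00:00 -0500\n"
    "From: bill@example.net\n\nbuy now\n"
)

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("FORGED", FORGED)):
        print(name, connecting_peer(raw), peer_matches_sender(raw))
```

The reverse-DNS name in the Received line is only as trustworthy as the PTR record behind it, so a deployment relying on the same-domain branch would forward-confirm that name before accepting it.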


