Security Incidents mailing list archives
Re: blind forwards
From: brock.norvell () IFACTOR-E COM (Brock Norvell)
Date: Thu, 29 Jun 2000 20:44:02 GMT
Original Message <<<<<<<<<<<<<<<<<<
On 6/28/00, 2:13:48 PM, Keith McCammon <kmccammon () TIDALWAVE NET> wrote regarding blind forwards:
Hey all,
This may or may not be the right list for this. It doesn't seem to fit nicely anywhere. However, we're investigating this at work, and I know someone out there knows the answer. (An incident I suppose)
I'm curious to find out how one could go about analyzing an e-mail to
find
out if it is being intercepted upstream before it reaches the intended recipient. For example, with some e-mail servers, a file can be placed
in
the user's mailbox on the server that will "blind" forward any incoming
to a given address.
SMTP Server --> Recipient's Mail Server--> USER-X (blind) and INTENDED-USER (as usual)
I'd imagine that this is highly illegal at the upstream level under most circumstances; and I know there's a way to find out if this type of
snooping
is taking place. Anyone? Anyone?
Keith
Depending upon who your ISP or upstream is, and what their TOS (Terms of Service) are, this may not be illegal at all, however, IANAL. As for the blind copy, if it's done right, there's no way you could determine from the headers whether or not it's being done. Access to the mail server's log could provide with that information tho. Brock
Current thread:
- Re: Nike Site taken over, (continued)
- Re: Nike Site taken over Joel de la Garza (Jun 23)
- Re: Nike Site taken over Aviram Jenik (Jun 24)
- Re: Nike Site taken over Valdis Kletnieks (Jun 26)
- funky syslog entry klug (Jun 26)
- Re: funky syslog entry Valdis Kletnieks (Jun 27)
- Re: funky syslog entry Jens Hektor (Jun 27)
- Re: funky syslog entry Erich Meier (Jun 28)
- Re: funky syslog entry Sean Michael Whipkey (Jun 28)
- blind forwards Keith McCammon (Jun 28)
- Re: blind forwards Ex Machina (Jun 29)
- Re: blind forwards Brock Norvell (Jun 29)
- Re: blind forwards John Hall (Jun 29)
- Re: blind forwards David Pick (Jun 30)
- Re: funky syslog entry UnixGeek (Jun 29)
- Re: funky syslog entry Chris West (Jun 29)
- wuftp exploit Toby Miller (Jun 28)
- Re: wuftp exploit Daniel Jacobowitz (Jun 28)
- Permissions Derick Schuetz (Jun 27)
- Re: Permissions Valdis Kletnieks (Jun 27)
- Re: Permissions Jon Lewis (Jun 27)
- Probes for MySQL under Linux? Ralf G. R. Bergs (Jun 27)