Security Basics mailing list archives

Re: Mail relay question


From: Aaron Howell <aaron_howell () ngenuity-is com>
Date: Fri, 22 Feb 2008 17:29:39 -0800

Nick Vaernhoej wrote:
> I should have been more clear, I consider it spam due to my leaning
> towards not being open to relay.
> The vast majority of the spam appears to be returned email because the
> destination domain doesn't have a recipient for the email.
> The (spoofed) originator of the returned email is gibberish or random
> names @myhomedomain.com

Ok, so that isn't spam, it's what we call "backscatter", and I think one
of the other responses in this thread pointed you in the appropriate
direction to find out what that means. If not, google knows...

> I guess knowing the little I do about email mechanisms I don't
> understand why the IP of the connecting client can craft an email FROM a
> domain the IP does not resolve to?

If this were the case, sending email would be a lot harder. Consider
vhosts. I may have one IP address hosting 10,000 domains. For forward
DNS, this is easy, ask for a name, get an IP address. But when I ask for
a reverse lookup, how do I know which domain to return?

> Makes sense, I have three domain names pointing home. The one behind 95%
> or so of the spam is one I have yet to really do anything with.
> Maybe it used to belong to someone else? But that would make the emails
> more specific to the past owner, I would think....

Given that one of the popular ways to try and deliver spam is to connect
to a mail server, then try to deliver mail to every name in
$HUGE_DICTIONARY_LIST, it would not surprise me at all to have a domain
with no actual email accounts associated with it receiving spam.

> Depends, my thought was that my wife will trust anything sent to her as
> long as it appears to come from me.

This is WAY outside the scope of this discussion, because now you're
talking about a whole different problem. Mainly, that users typically
trust what they see in their mail client/web browser/etc. This is one
reason why phishing attacks are still so successful, and we still have
networks compromised because JessicaAlbaNaked!!!one!.exe was sent by a
close trusted friend.

If you're really that worried about it, look into PGP/GnuPG and start
signing all your messages, and teach her how to verify the signature, or
get a free personal cert from Thawte...

-- 
Aaron Howell
nGenuity Information Services
509-396-2075 x6000

http://www.ngenuity-is.com
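The backscatter Aaron describes can be told apart from real bounces by one check a receiving MTA can do offline: does the returned original carry a Message-ID that our own server ever emitted? The following is an added example, not code from the thread or from either poster; it assumes a set of Message-IDs standing in for the MTA's sent-mail log, and the bounce-building helper and all addresses are constructed for the example (real bounces are multipart/report per RFC 3464, but the embedded original looks the same and is what the classifier keys on).

```python
"""Classify bounces (DSNs) as legitimate or backscatter.

Backscatter is a bounce produced by a remote mail server for a message our
server never sent: a spammer forged a From address in our domain, the remote
server accepted the spam, failed to deliver it, and returned it to the forged
address.  A legitimate bounce refers to a message our MTA actually emitted.
All data below is constructed for the example.
"""
import email
from email import policy
from email.message import EmailMessage

OUR_DOMAIN = "myhomedomain.com"  # the domain named in the thread

# Constructed stand-in for the MTA's sent-mail log: the Message-IDs of
# every message our server really sent.
SENT_LOG = {"<20080222170000.1@myhomedomain.com>"}


def build_bounce(original_msgid: str, original_from: str) -> str:
    """Hypothetical helper that constructs a bounce returning the original
    message as a message/rfc822 part (test data only)."""
    original = EmailMessage()
    original["From"] = original_from
    original["To"] = "someone@example.org"
    original["Subject"] = "hello"
    original["Message-ID"] = original_msgid
    original.set_content("original body")

    bounce = EmailMessage()
    bounce["From"] = "MAILER-DAEMON@example.org"
    bounce["To"] = original_from  # the bounce goes to the (possibly forged) sender
    bounce["Subject"] = "Undelivered Mail Returned to Sender"
    bounce.set_content("The user you tried to reach does not exist.")
    bounce.add_attachment(original)  # attached as message/rfc822
    return bounce.as_string()


def returned_original(raw_bounce: str):
    """Return the original message embedded in a bounce, or None."""
    msg = email.message_from_string(raw_bounce, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None


def classify_bounce(raw_bounce: str) -> str:
    """'legitimate' if the returned Message-ID is one we sent,
    'backscatter' if the original claims our domain but we never sent it,
    'unknown' if there are no original headers to verify against."""
    original = returned_original(raw_bounce)
    if original is None or original["Message-ID"] is None:
        return "unknown"
    msgid = str(original["Message-ID"]).strip()
    if msgid in SENT_LOG:
        return "legitimate"
    sender = str(original["From"]).strip()
    if sender.lower().endswith("@" + OUR_DOMAIN):
        return "backscatter"
    return "unknown"


def forged_senders(raw_bounces) -> list:
    """The forged local parts (the 'gibberish or random names' in the
    thread) that backscatter in the given bounces was addressed to."""
    names = set()
    for raw in raw_bounces:
        if classify_bounce(raw) == "backscatter":
            sender = str(returned_original(raw)["From"]).strip()
            names.add(sender.split("@", 1)[0].lower())
    return sorted(names)


if __name__ == "__main__":
    legit = build_bounce("<20080222170000.1@myhomedomain.com>",
                         "me@myhomedomain.com")
    fake = build_bounce("<a1b2c3@spamhost.invalid>",
                        "xq7f2k@myhomedomain.com")
    for raw in (legit, fake):
        print(classify_bounce(raw))
    print(forged_senders([legit, fake]))
```

A bounce that returns no original headers cannot be verified either way, so it is reported as "unknown" rather than silently accepted; in a real deployment the sent-log set would be fed from the MTA's own queue or delivery log.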

