Security Incidents mailing list archives

Re: blind forwards


From: j.hall () F5 COM (John Hall)
Date: Thu, 29 Jun 2000 13:51:41 -0700


Yes, it would be possible to intercept email the way you mention.  If it
was done ineptly, then there might be indications in the RFC822 header
such as extra "Received:" lines.

Anyone who wanted a copy of your email who has access to any machine on the
same physical network as your mail server or any of your upstream servers
could easily get copies using one of several sniffer packages without leaving
any sign at all.  Even if they put an intercept server in the path the mail
takes to get to you, they could make it transparent without any significant
effort.

If your mail is being intercepted, then most likely you will never know.

The legality of email interception is still a grey area.  Some cases are
covered under the ECPA (Electronic Communications Privacy Act, 1996), but
there are still few precedents.  The case of using a sniffer to intercept
packets containing email is almost certainly covered though and illegal,
although you would probably have to have a pretty egregious offense to
get a federal prosecutor's attention.

JMH

Keith McCammon wrote:
...
I'm curious to find out how one could go about analyzing an e-mail to find
out if it is being intercepted upstream before it reaches the intended
recipient.  For example, with some e-mail servers, a file can be placed in
the user's mailbox on the server that will "blind" forward any incoming mail
to a given address.

SMTP Server --> Recipient's Mail Server--> USER-X (blind) and INTENDED-USER
(as usual)
...
Keith

--
John Hall <j.hall () f5 com>                                     F5 Networks, Inc.
Senior Test Engineer                                          206-505-0800

It shall be unlawful for any suspicious person to be within the municipality.
                -- Local ordinance, Euclid Ohio
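
The "Received:" check mentioned in the reply above, as an added example that is not part of the original post: it walks the Received chain of a message and reports relays outside an allow-list, breaks in the chain, and timestamps that run backwards. The sample message, its host names, and the function names are constructed for illustration.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message: every host and address here is made up.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.org with ESMTP id A3; Thu, 29 Jun 2000 13:52:10 -0700
Received: from relay.unknown.example (relay.unknown.example [203.0.113.7])
\tby mx.example.org with SMTP id A2; Thu, 29 Jun 2000 13:52:05 -0700
Received: from out.sender.example (out.sender.example [198.51.100.4])
\tby relay.unknown.example with SMTP id A1; Thu, 29 Jun 2000 13:51:50 -0700
From: alice@sender.example
To: bob@example.org
Subject: test

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)

def received_hops(raw):
    """Return the relay hops in travel order (oldest first)."""
    hops = []
    # Each relay prepends its header, so reverse the list to get travel order.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue  # e.g. a local "Received: by host ..." line with no "from"
        try:
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            when = None  # unparsable timestamp: skip the ordering check
        hops.append({"from": m.group(1).lower(), "by": m.group(2).lower(), "time": when})
    return hops

def audit(raw, expected_relays):
    """List Received-chain oddities; expected_relays is the reader's own allow-list."""
    findings = []
    hops = received_hops(raw)
    for prev, hop in zip([None] + hops, hops):
        if hop["by"] not in expected_relays:
            findings.append(f"unexpected relay: {hop['by']}")
        if prev and hop["from"] != prev["by"]:
            findings.append(f"chain gap: {prev['by']} -> {hop['from']}")
        if prev and prev["time"] and hop["time"] and hop["time"] < prev["time"]:
            findings.append(f"time goes backwards at {hop['by']}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, {"mx.example.org", "mail.example.org"}))
```

An empty result only means the headers look consistent; as the reply says, a sniffer or a transparent intercept leaves nothing in the headers to find.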


