Security Incidents mailing list archives
Re: Headerless EMail
From: "Forrester, Mike" <mforrester () HSACORP NET>
Date: Mon, 22 Jan 2001 09:02:08 -0700
We see this sort of thing all the time. Either the lack of headers or headers containing forged information. The tools that most spammers use do not add header information to the messages that they send. They use SMTP to send the messages, but AFAIK it's up to the mailer/server to update the header information. Most of the time we get spam, the only reliable header is the one generated by our mail server.

Mike Forrester - Systems Security Engineer
HSA Corp. - Denver, CO USA
mforrester () hsacorp net - +1 720 922 2545

"Only amateurs attack machines; professionals target people. And any solutions will have to target the people problem, not the math problem." - Bruce Schneier

-----Original Message-----
From: Attonbitus Deus [mailto:Thor () HAMMEROFGOD COM]
Sent: Friday, January 19, 2001 12:56 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: [INCIDENTS] Headerless EMail

What was the thread on the email with no headers? I looked in the archives but could not find anything. The response was that the sender must have sent the mail directly from the user's mail server... Anyone remember?

I ask because I just got sent one myself, with the following file attached: MEPOJPME.EXE with no name and no headers other than this:

Received: from oemcomputer (uu212-190-4-90.unknown.uunet.be [212.190.4.90])
    by hermod.hammerofgod.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
    id C3C6PG0J; Fri, 19 Jan 2001 13:55:40 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEA381QJOHYZWDE7"

Of course my mail system blocked it, but it still pisses me off. This was sent directly to me, and the bad part is that they got the email address from one of the SF lists that I participate in. Nowhere else have I ever used this email address.

Thanks!
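An added example, not part of either post above: a small triage check in Python that reports which client-written headers a message lacks and takes the sending peer only from the topmost Received line, and only when the local mail server wrote it. The header lines in the sample are the ones quoted in the original message; the body, the `triage` function and the `our_hosts` parameter are constructed for illustration.

```python
import re
from email import message_from_string

# Headers a normal mail client writes itself (RFC 5322 requires From and Date).
CLIENT_HEADERS = ("From", "Date", "Message-ID", "Subject", "To")

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>", as stamped on receipt.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def triage(raw, our_hosts):
    """Return missing client headers and the peer recorded by our own server."""
    msg = message_from_string(raw)
    missing = [h for h in CLIENT_HEADERS if msg[h] is None]
    received = msg.get_all("Received") or []
    peer = None
    # Lower Received lines arrive with the message and can be forged, so only
    # the topmost one is read, and only if one of our own hosts wrote it.
    if received:
        m = RECEIVED_RE.search(received[0])
        if m and m.group("by").lower() in our_hosts:
            peer = m.groupdict()
    return {"missing": missing, "received_count": len(received), "peer": peer}

# Headers as quoted in the post; the MIME body is a constructed placeholder.
SAMPLE = (
    "Received: from oemcomputer (uu212-190-4-90.unknown.uunet.be [212.190.4.90])\n"
    "\tby hermod.hammerofgod.com with SMTP (Microsoft Exchange Internet Mail Service\n"
    "\tVersion 5.5.2650.21) id C3C6PG0J; Fri, 19 Jan 2001 13:55:40 -0500\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="--VEA381QJOHYZWDE7"\n'
    "\n"
    "----VEA381QJOHYZWDE7\n"
    "Content-Type: text/plain\n"
    "\n"
    "(constructed placeholder body)\n"
    "----VEA381QJOHYZWDE7--\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE, {"hermod.hammerofgod.com"}))
```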