Old 06-27-2005, 10:21 PM   #1
inaki
Member
 
Registered: Mar 2005
Posts: 94

Rep: Reputation: 15
Forged email


Hi, I got a weird email saying that I've tried to send email to unknown users. It seems my email account has been stolen. Does anybody know how to recover it, because I get these a lot?
 
Old 06-27-2005, 10:35 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Most likely, someone is just sending emails using your address as the "from" address. A lot of spammers do this.
 
Old 07-14-2005, 08:44 PM   #3
inaki
Member
 
Registered: Mar 2005
Posts: 94

Original Poster
Rep: Reputation: 15
Yes, I know, but what is the way to prevent it?

TQ
 
Old 07-14-2005, 09:01 PM   #4
DaWallace
Member
 
Registered: Feb 2004
Location: Southern Maine, United States
Distribution: Slackware Ubuntu Debian FreeBSD
Posts: 418

Rep: Reputation: 31
Make your ISP employ some sort of authentication on its SMTP server. I tried this... but they're stubborn and dumb... so spammers live on... because of cheap damn ISPs.
 
Old 07-14-2005, 10:07 PM   #5
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Authentication on the SMTP server does nothing. I can send this from MY smtp server:
Code:
From: "Joe Blow" <you@yourdomain.com>
Subject: Bigger in just 7 days!

This is not spam!  This is an unsolicited advertisement for a Swedish made enlargement pump!
 
Old 07-15-2005, 02:35 AM   #6
DaWallace
Member
 
Registered: Feb 2004
Location: Southern Maine, United States
Distribution: Slackware Ubuntu Debian FreeBSD
Posts: 418

Rep: Reputation: 31
Well... if the SMTP server doesn't do any real authentication, all you have to know is whose address you want to use, and you can just go.
If, however, your ISP makes you enter a password (most don't, just for incoming mail, dumbasses), spammers can't really do that.

Spammers do this so they don't get caught using their own connections to actually send the stuff.

Code:
Your message

 From:	Gilda Gunter <blahdyblage@bloopbitty.poo>

 To:	nameyname@blahblah.com

 Subj:	Hey.
 Sent:	2005-06-26 16:37

has encountered a delivery problem.


Reason: Bad destination mailbox address
The mailbox specified in the address does not exist.
This means the address portion to the left of the @ sign is invalid.
I am not Gilda Gunter.


Last edited by DaWallace; 07-15-2005 at 02:38 AM.
 
Old 07-21-2005, 06:08 PM   #7
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
Quote:
Yes, I know, but what is the way to prevent it?
You can't. Anyone can send an email as you@yourdomain.com if they have access to an email server that allows relaying. And since there is plenty of free email server software around (i.e. it comes standard with most Linux installs), anyone can set up their own mail software on their own computer and allow relaying on it.

SPF is gradually gaining acceptance by mail server administrators to avoid receiving forged email, but SPF is a receiving-end measure. You'd have to control every mail server in the entire world to be able to use SPF to guarantee that no one can send email as you.

Similarly, SMTP authentication on your ISP's server restricts the use of that particular server to legitimate users (i.e. customers) of that ISP. It has nothing to do with preventing forgeries and will not stop spam, because nowadays most spam is sent from bot-networks of compromised (mostly) Windows computers or from spammers setting up legitimate internet accounts with ISPs and quickly using them to send as much spam as possible before being shut down.

The only way to prove an email is from you is to cryptographically sign the email using PGP. Kmail/Kontact, Evolution and Thunderbird on Linux support this. A quick google around should reveal plenty of guides on setting this up.
 
  

