OT: noreply at ......

Bill Campbell bill at celestial.com
Mon Jul 1 22:25:53 PDT 2013 

On Mon, Jul 01, 2013, Kenneth Brody wrote:
>On 7/1/2013 3:31 PM, Henry Arredondo wrote:
>[...]
>> I tested it and it works wonderful, I can even use whatever domain I want
>> :)  .    I wonder if this is how hackers use spam servers to spam.
>[...]
>
>The "from" part of e-mails has never been reliable.  All it says is what the 
>sender wants it to say.  (Over the years, I've convinced people who refused 
>to believe that by sending them an e-mail "from" <president at whitehouse.gov>.)
>
>I'm not sure how that helps spammers, beyond the ability to not put their 
>real address in the header.  (Okay -- it can help them slightly.  Many 
>people will whitelist their own e-mail address, and some spammers use the 
>recipient's address as the forged "from", in an effort to get past spam 
>filters.)

Remember the SMTP email protocol is an abbreviation of Simple
Mail Transport Protocol with emphasis on Simple.  It was designed
in a era when the network consisted mostly of reasonably
trustworth folks, universities, engineers, and other tech savvy
types who wouldn't think of abusing other people's servers.

The only headers that are trustworthy are those that start with
the Received: header when it comes into your own mail server.
Anything before that can (and will) be forged by spammers.

A fairly common thing are so-called "Joe Jobs" where the From:
header will be forged with addresses where the forger attempts to
either damage the reputation of the supposed sender or to flood
the alleged sender's mail servers with complaints or bounce messages.

Many broadband providers restrict their residential customer's
ability to send outbound SMTP on port 25 to any mail servers
other than the provider's.  They also restrict outgoing messages
through their servers to those with From: addresses in their own
domains.  Both these conditions cause issues with people who may
want to run their own mail servers on Linux or other *nix
systems.  When our customers with this type of problem, we
usually set up their systems to send outgoing mail through one of
our servers using a different port, usually using SMTP AUTH to
prevent spoofing.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

It is necessary for the welfare of society that genius should be
privileged to utter sedition, to blaspheme, to outrage good taste, to
corrupt the youthful mind, and generally to scandalize one's uncles.
    -- George Bernard Shaw

More information about the Filepro-list mailing list