You could get a spam filter that does something as simple as reverse dns checks... It's spam - welcome to email. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132
________________________________ From: [EMAIL PROTECTED] on behalf of Navroz Shariff Sent: Tue 1/10/2006 7:54 AM To: [email protected] Subject: [ActiveDir] Spoofed emails Dear list, For the past couple of weeks, a few staff members were receiving emails with the 'Subject', 'From', and 'To' fields being blank. It was not taken too seriously until I received such an email. In the advent the zero-day exploits such as the WMF, I realize what a big security problem this can be. Imagine if this email was sent last week with an image attached and upon viewing it, would run code taking advantage of the aforementioned exploit. Below is the actual email header with server names just with type of server: Microsoft Mail Internet Headers Version 2.0 Received: corporate webmail server by Exchange server with Microsoft SMTPSVC(6.0.3790.1830); Sun, 8 Jan 2006 05:59:05 -0500 Received: from p101m059.symantecmail.net by webmail server with Microsoft SMTPSVC(6.0.3790.211); Sun, 8 Jan 2006 05:59:06 -0500 Received: from unknown [65.33.35.111] (HELO 111.35.33.65.cfl.res.rr.com) by p101m059.symantecmail.net (mxl_mta-2.9.0-24p5) with SMTP id 970f0c34.2568223664.41029.p101m059.symantecmail.net (envelope-from <>); Sun, 08 Jan 2006 03:59:05 -0700 (MST) X-Spam: [F=0.5000000000; BMI=0.500(none); SC=none] X-MAIL-FROM: <> X-SOURCE-IP: [65.33.35.111] From: <> Bcc: Return-Path: <> Message-ID: <[EMAIL PROTECTED] webmail server> X-OriginalArrivalTime: 08 Jan 2006 10:59:07.0229 (UTC) FILETIME=[8BC9C0D0:01C61442] Date: 8 Jan 2006 05:59:07 -0500 I was going to call the ISP to whom this address is registered to and notify them of email abuse generating from within their network but, I received another email from a different address (213.226.189.173) so I am thinking that the addresses are spoofed. Any help in shedding light into this situation would greatly be appreciated. -Nav
<<winmail.dat>>
