Why do you think it wasn't put there by the sender? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Strongosky Sent: Wednesday, February 22, 2006 3:00 PM To: Exchange Discussions Subject: RE: Help with Smtp Header Spoofing Bill, thanks for the reply. I've trained my boss's to look at the spam % and find why a piece of email was quarantined or not. What they want to know is, Why did the our domain get added to the from line, even though it has the Verizon domain in the from line. With our domain there it makes it look like it came from us. Is there any fix for this misformatted from line that you know of? john -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of East, Bill Sent: Wednesday, February 22, 2006 11:35 AM To: Exchange Discussions Subject: RE: Help with Smtp Header Spoofing So what is it that your bosses want to know? Why it wasn't flagged as spam? It almost was, it looks like SpamAssassin flagged it for a couple things and assigned it a likelihood of 13%. But the spammers, I've heard, run their messages through SA before sending them and strip out as much as possible that would trigger it. The From address is just goofy, it looks like one of your mail systems saw that it wasn't really valid and tried to fix it by adding your domain after it. But it mostly just looks like collateral damage from the spam wars. -- be - MOS If you can't write it right, you can't think it right. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John > Strongosky > Sent: Wednesday, February 22, 2006 11:12 AM > To: Exchange Discussions > Subject: Help with Smtp Header Spoofing > > Hey Everyone, > > Several of my boss's have received a similar emails as the one below > and now they want to know how it got thru our smtp gateways. Our smtp > gateways are running BSD unix and sendmail. I believe it has something > got do with the way the "From" address was formatted but I don't know > what this type of spoofing is called so I don't know where to start to > find out how to stop it... > > Any help would be greatly appreciated... > > v/r > john > > Received: from smtp2.sdccd.cc.ca.us ([XX.X.XXX.XX]) by > XXXXXX.sdccd.cc.ca.us with SMTP (Microsoft Exchange Internet Mail > Service Version 5.5.2655.55) > id C7ZCQ6FA; Sun, 12 Feb 2006 23:08:10 -0800 > Received: from verizon.net (bzq-88-154-142-128.red.bezeqint.net > [88.154.142.128]) > by smtp2.sdccd.cc.ca.us (8.13.4/8.13.4) with SMTP id > k1D77wwx028734 > for <[EMAIL PROTECTED]>; Sun, 12 Feb 2006 > 23:08:05 -0800 (PST) > (envelope-from [EMAIL PROTECTED]) > Message-Id: <[EMAIL PROTECTED]> > From: "Steven"" <[EMAIL PROTECTED]>"@smtp2.sdccd.cc.ca.us > To: <[EMAIL PROTECTED]> > Subject: Mexican Pharmacy > Date: Mon, 13 Feb 2006 09:08:01 -0500 > Mime-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > X-SDCCD-SPAM: Report=DATE_IN_FUTURE_06_12 1.3, __CT 0, __CT_TEXT_PLAIN > 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0 > X-SDCCD-SPAM: Gauge=XIII > X-SDCCD-SPAM: Probability=13% > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
