She who is called by the name Anne Cartwright asked:
Is there some way to back track e-mail spoofing to see where it is coming from?I keep getting spam that appears to be from me however it is not. I assume someone who has my e-mail address in their address book has a virus or worm in their computer that is using e-mail addresses from that person's address book in the "FROM" field of spam messages.
It's probably not possible to track it down, unless you can get your hands on the full headers of the email. Even then, it's often a puzzle.
It could be coming from an infected machine that has email from you on board, or your address in an address book. More likely, it's being generated by one of those huge spambots that contain tens of thousands of Windows machines. The botmasters scrape all the files they can find on the Internet to collect email addresses, and they have millions. They not only use these addresses as targets for their spam, but they also use them as return addresses.
I was having lots of problems with this a couple of years ago. Every day, I'd get dozens of bounces from bad email addresses to which I'd never sent mail. To stop this, I got really aggressive about making sure my email addresses don't appear on the Web in open form. On my Web pages I use a little Javascript [1] so any person reading the page can still see my address, but the automated scrapers are less likely to notice it. I also don't post to any site that doesn't obscure the address. It took a few months to catch hold, but it's really helped.
One other thing I do is attach a digital signature to almost all my email. A digital signature is very difficult to fake -- probably much harder than a written signature. This won't cut down on the spoofing, but it will settle any question about whether the email actually came from me.
[1] <script type="text/javascript"><!--
var name = "llarson";
var domain = "louisville.edu";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// --></script>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ The next Louisville Computer Society meeting will be March 25 at MacAuthority, 128 Breckinridge Lane. Posting address: [email protected] Information: http://www.math.louisville.edu/mailman/listinfo/macgroup
