DNSSEC will come in handy. Standby mister Amir Haris
On Fri, Oct 8, 2010 at 3:17 PM, Ang Chin Han <[email protected]> wrote:
> On Fri, Oct 8, 2010 at 2:48 PM, Harisfazillah Jamel
> <[email protected]> wrote:
> > Anyone any idea. If the email address also been spoof? Any tools can
> > do this. From the header I do found it valid.
> >
> > 98.138.83.126 -> Address for Yahoo.. Yes Its to my Yahoo account.
> >
> > 65.55.90.146 -> Coming from Microsoft Network
> >
> > http://www.ip-adress.com/ip_tracer/65.55.90.146
> >
> > This email may origin from email client from IP 120.140.22.218 -> SMTP
> > send through MSN network.
> >
> > Any comment?
>
> :(
>
> Email admins should have known about Sender Policy Framework:
> http://en.wikipedia.org/wiki/Sender_Policy_Framework
> yahoo.com doesn't use it, though.
>
> Say, [email protected]
>
> $ dig txt hotmail.com
>
> hotmail.com. 3600 IN TXT "v=spf1 include:spf-a.hotmail.com
> include:spf-b.hotmail.com include:spf-c.hotmail.com
> include:spf-d.hotmail.com ~all"
>
> $ dig spf-a.hotmail.com spf-b.hotmail.com spf-c.hotmail.com | grep spf1
>
> spf-a.hotmail.com. 3544 IN TXT "v=spf1 ip4:209.240.192.0/19
> ip4:65.52.0.0/14 ip4:131.107.0.0/16 ip4:157.54.0.0/15
> ip4:157.56.0.0/14 ip4:157.60.0.0/16 ip4:167.220.0.0/16
> ip4:204.79.135.0/24 ip4:204.79.188.0/24 ip4:204.79.252.0/24
> ip4:207.46.0.0/16 ip4:199.2.137.0/24 ~all"
> spf-b.hotmail.com. 3565 IN TXT "v=spf1 ip4:199.103.90.0/23
> ip4:204.182.144.0/24 ip4:204.255.244.0/23 ip4:206.138.168.0/21
> ip4:64.4.0.0/18 ip4:65.54.128.0/17 ip4:207.68.128.0/18
> ip4:207.68.192.0/20 ip4:207.82.250.0/23 ip4:207.82.252.0/23
> ip4:209.1.112.0/23 ~all"
> spf-c.hotmail.com. 3593 IN TXT "v=spf1 ip4:209.185.128.0/23
> ip4:209.185.130.0/23 ip4:209.185.240.0/22 ip4:216.32.180.0/22
> ip4:216.32.240.0/22 ip4:216.33.148.0/22 ip4:216.33.151.0/24
> ip4:216.33.236.0/22 ip4:216.33.240.0/22 ip4:216.200.206.0/24
> ip4:204.95.96.0/20 ~all"
>
> And those should be the IP block ranges where [email protected] should
> be coming in from.
>
> Caveat lector: it's the first time I'm actually looking these up.
> _______________________________________________
> Owasp-Malaysia mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>

--
Hasanuddin Abu Bakar
GSEC #28858
IT Security Engineer
+6017 913 1983
Sigma Rectrix Systems (M) Sdn Bhd
No.15 & 15-1, Jalan Equine 9A, Equine Park,
Bandar Putra Permai
43300 Seri Kembangan
Selangor
URL : www.sigmarectrix.com
Phone : 03-89486696
Fax : 03-89487796
Helpdesk : 03-89486596

