At 03:57 PM 8/14/2002 -0400, Bagotronix Tech Support wrote:
>You need to make sure YOU don't have a virus.  Some of these viruses can
>rifle through your address book and send e-mails without you knowing about
>it.

That's true; however, particularly with Klez, it has become normal for 
viruses I receive to have addresses which are *not* of the actual sender 
(or, more accurately, of the owner of the infected computer). That many 
users are sent scurrying to check their computers upon receiving a 
complaint is part of the damage that the virus does.

Certainly, one should take appropriate steps to ensure that one's computer 
is not infected. But under current conditions, receiving notice complaining 
about a virus coming from your computer is almost no indication at all of 
infection, and, conversely, one could well be infected with a computer busy 
sending out copies of the virus, and one receives no warnings.

Running firewall software, like ZoneAlarm, that requires specific 
authorization for any internet access has become highly advisable.

If I receive a virus (and I receive one maybe once a day), and the apparent 
sender is known to me, I may take the further step of looking at the 
headers. Of late, it has been clear that the apparent sender has not been 
the real sender; it is quite clear from the Received headers, the most 
recent of which cannot be faked. (And it appears that Klez does not spoof 
Received headers at all. A future virus will, count on it.)

As to spoofing an outgoing address, I'm pretty sure that AOL's provided 
software won't allow you to do this. But if you are connected to the 
internet through AOL, your own mail software, such as Outlook or Eudora, 
will do it through another ISP's SMTP server.

What you need is an SMTP server that you can access. It used to be that 
SMTP servers, in general, were wide open to be used and abused, the latter 
typically by spammers. Now, only poorly managed systems have open SMTP 
servers, and they are considered a public hazard. But policy varies between 
internet providers as to how their SMTP servers can be accessed.

As I mentioned, Verizon's SMTP server -- for "home" wideband, which is 
*much* cheaper than business wideband -- detects any attempt to use a From: 
or even a Reply-to: header which is not on the Verizon domain, so it 
rejects the mail, and you must be logged in to Verizon's network to use the 
SMTP server. Earthlink provided an authentication server that could be used 
for sending mail from outside their network, and, once authenticated, one 
could use whatever address one chooses in the From and Reply To headers. 
One's real address, with them, remained visible in the Received headers.

Some ISPs allow anyone logged directly into the network to use the SMTP 
server without restriction. Sometimes these servers can also be accessed from 
outside the network with some sort of authentication required.

In the case of my web provider, addr.com, the SMTP server allows any 
apparent outgoing or reply address to be used. They do not provide dial-up 
service at all, so they have to allow outside access. The way that they 
authenticate is to log the IP addresses of users who check their mail. In 
order to check the mail, one has to log in with a password. That suffices 
for authentication. Then, for a limited time, outgoing mail from the same 
IP address will be accepted.

So if I want to spoof an address, I just set up a Eudora identity with the 
address I want to show, then I give the addr.com SMTP server as the one to 
use for sending mail. Then, before I try to send the mail, I check any one 
of my addr.com accounts for incoming mail. If I forget to do this before 
trying to send the mail, the SMTP server rejects my mail with a 550 error.

I needed to do this to deal with some list subscriptions that used my old 
[EMAIL PROTECTED] address from California, after the provider there finally 
dropped the free forwarding and SMTP access which they had until then allowed.
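
Added example, not part of the original message: a sketch of the Received-header check the message describes, comparing the From: domain with the relay recorded by the recipient's own mail server. The sample message, host names, addresses and the sendmail/Postfix-style header layout are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and IP below is made up.
RAW = """\
Received: from mail.isp-b.example (mail.isp-b.example [203.0.113.25])
\tby mx.myprovider.example with ESMTP id abc123
\tfor <me@myprovider.example>; Wed, 14 Aug 2002 16:02:11 -0400
Received: from infectedpc (dialup-77.isp-b.example [198.51.100.77])
\tby mail.isp-b.example with SMTP id xyz789; Wed, 14 Aug 2002 16:02:05 -0400
From: "A Friend" <friend@isp-a.example>
To: me@myprovider.example
Subject: constructed sample

body
"""

# Assumed sendmail/Postfix-style layout: from HELO (rDNS [IP]) by HOST ...
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def hops(msg):
    """Parsed Received hops, newest first; unparseable headers are skipped."""
    values = msg.get_all("Received", [])
    found = (HOP.search(" ".join(v.split())) for v in values)  # unfold first
    return [m.groupdict() for m in found if m]

def assess(raw, my_servers):
    """Compare the From: domain with the relay recorded by our own server."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    chain = hops(msg)
    # Only a hop stamped by a server we run is trustworthy; anything below
    # it was supplied by the sending side and could be forged.
    trusted = next((h for h in chain if h["by"].lower() in my_servers), None)
    if trusted is None:
        return {"from_domain": from_domain, "trusted_relay": None}
    relay = (trusted["rdns"] or trusted["helo"]).lower()
    return {
        "from_domain": from_domain,
        "trusted_relay": relay,
        "trusted_ip": trusted["ip"],
        # A mismatch is a hint, not proof: people legitimately send through
        # another provider's SMTP server, as the message above describes.
        "relay_matches_from": relay == from_domain or relay.endswith("." + from_domain),
        "unverified_ips": [h["ip"] for h in chain if h is not trusted],
    }

if __name__ == "__main__":
    print(assess(RAW, {"mx.myprovider.example"}))
```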

