RE: CLEVER SPAM EMAIL
-Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: 16 July 2002 18:13 To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL Reading those docs makes troubleshooting e-mail issues so much easier. Printing out RFC821 and trying to send e-mail from a telnet session (to duplicate what's being done in the RFCs) takes only a day, but the benefits will last much longer. I don't see how anyone could call themselves an email system administrator if they can't do this. It scares me that I might be exposing my poor email servers to people who think this is new news... -- This e-mail is intended for the addressee shown. It contains information that is confidential and protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons or unauthorized employees of the intended organisations is strictly prohibited. The contents of this email do not necessarily represent the views or policies of Luton Sixth Form College, its employees or students. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
And yet, Baldric^WRobert, there are administrators out there who would not recognize a clever spam email if it danced up and down in front of them singing Clever Spam Emails are Here Again. Which is (partially) why SMTP has continued to work, since it was designed to run without too much interference from the administrators; it is also why the likes of use continue to find employment, since when it does break it is usually a doozy. -- be - MOS A man paints with his brains and not with his hands. -Original Message- From: Robert Moir [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 5:27 AM To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: 16 July 2002 18:13 To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL Reading those docs makes troubleshooting e-mail issues so much easier. Printing out RFC821 and trying to send e-mail from a telnet session (to duplicate what's being done in the RFCs) takes only a day, but the benefits will last much longer. I don't see how anyone could call themselves an email system administrator if they can't do this. It scares me that I might be exposing my poor email servers to people who think this is new news... -- This e-mail is intended for the addressee shown. It contains information that is confidential and protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons or unauthorized employees of the intended organisations is strictly prohibited. The contents of this email do not necessarily represent the views or policies of Luton Sixth Form College, its employees or students. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
Ah, yes but there's a bit more to that one, IIRC: And yet, Baldric^WRobert, there are administrators out there who would not recognize a clever spam email if it painted itself purple and danced naked on top of a harpsichord, singing Clever Spam Emails are Here Again. (I knew I'd memorized Blackadder's Christmas Carol for some good reason - it's a holiday tradition in our house!) Roberta Freese Information Systems Services [EMAIL PROTECTED] No offense intended to anyone, just thought I'd share ... back to lurking _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
Reading those docs makes troubleshooting e-mail issues so much easier. Printing out RFC821 and trying to send e-mail from a telnet session (to duplicate what's being done in the RFCs) takes only a day, but the benefits will last much longer. I don't see how anyone could call themselves an email system administrator if they can't do this. It scares me that I might be exposing my poor email servers to people who think this is new news... Well, to be fair there are plenty of folks on this list for whom e-mail administration (and even IT work in General) is not their full time job. It would (and does) scare me if someone who gets paid to administer an e-mail server exclusively hasn't read them. But even for the part time administrator, there's real value in reading the RFCs and playing around with sending an e-mail via telnet to your boss which appears to come from Bill Clinton. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
I did not have email with that woman. -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 10:41 AM To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL Reading those docs makes troubleshooting e-mail issues so much easier. Printing out RFC821 and trying to send e-mail from a telnet session (to duplicate what's being done in the RFCs) takes only a day, but the benefits will last much longer. I don't see how anyone could call themselves an email system administrator if they can't do this. It scares me that I might be exposing my poor email servers to people who think this is new news... Well, to be fair there are plenty of folks on this list for whom e-mail administration (and even IT work in General) is not their full time job. It would (and does) scare me if someone who gets paid to administer an e-mail server exclusively hasn't read them. But even for the part time administrator, there's real value in reading the RFCs and playing around with sending an e-mail via telnet to your boss which appears to come from Bill Clinton. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
Does this mean I have no recourse? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
You can disconnect from the Internet. Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Casey Taguchi Sent: Tuesday, July 16, 2002 7:12 AM To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL Does this mean I have no recourse? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
Really, and this doesn't apply solely to you, Mr. Taguchi, everyone should read and understand RFCs 821 and 822, and their successors 2821 and 2822. All this Spam, spoofing and security becomes pretty clear to you when you've read these documents. They don't take much time to go through, you're much better off for having done it. Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Casey Taguchi Sent: Tuesday, July 16, 2002 7:12 AM To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL Does this mean I have no recourse? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
Reading those docs makes troubleshooting e-mail issues so much easier. Printing out RFC821 and trying to send e-mail from a telnet session (to duplicate what's being done in the RFCs) takes only a day, but the benefits will last much longer. -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 12:02 PM To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL Really, and this doesn't apply solely to you, Mr. Taguchi, everyone should read and understand RFCs 821 and 822, and their successors 2821 and 2822. All this Spam, spoofing and security becomes pretty clear to you when you've read these documents. They don't take much time to go through, you're much better off for having done it. Ed Crowley MCSE+Internet MVP kcCC+I Tech Consultant hp Services Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Casey Taguchi Sent: Tuesday, July 16, 2002 7:12 AM To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL Does this mean I have no recourse? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
CLEVER SPAM EMAIL
Greetings, We have been receiving mail from someone out there where they have been placing the return address as the receivers address. When the user receives a message it looks as though its coming from themselves. Is there anywhere in the Exchange 5.5 admin where I can place a restriction on emails to have the from address as the ligitimate address its comming from? Thanks for anyone who can help. Casey _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
When you figure out how to verify the from address is legitimate, let me know. A similar related conversation took place last week on a similar topic. The subject of the thread was RE: MAIL SPOOFING;NOT MAN SPOOFING. -Original Message- From: Casey Taguchi [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 12:28 PM To: Exchange Discussions Subject: CLEVER SPAM EMAIL Greetings, We have been receiving mail from someone out there where they have been placing the return address as the receivers address. When the user receives a message it looks as though its coming from themselves. Is there anywhere in the Exchange 5.5 admin where I can place a restriction on emails to have the from address as the ligitimate address its comming from? Thanks for anyone who can help. Casey _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
Here is a copy of the header I got from the user. It appears that the senders address has been forged with the receivers address. Received: from mail.syncor.com (YWING [10.10.51.35]) by us-whl-e2.syncor.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3VBMCSA6; Sat, 13 Jul 2002 13:14:14 -0700 Received: from host101-228.pool22816.interbusiness.it (host101-228.pool22816.interbusiness.it [80.16.228.101] (may be forged)) by mail.syncor.com (Build 101 8.9.3/NT-8.9.3) with SMTP id MAA03382 for [EMAIL PROTECTED]; Sat, 13 Jul 2002 12:55:44 -0700 From: [EMAIL PROTECTED] X-Authentication-Warning: mail.syncor.com: host101-228.pool22816.interbusiness.it [80.16.228.101] (may be forged) didn't use HELO protocol Date: Sat, 13 Jul 2002 16:18:45 -0500 MIME-Version: 1.0 Message-Id: [EMAIL PROTECTED] X-Encoding: MIME Content-Type: multipart/alternative; boundary==_NextPart_1125_42721275202112618143383266572 Content-Transfer-Encoding: quoted-printable Received: from syncor.com by 0QRMDI33724O.syncor.com with SMTP for [EMAIL PROTECTED]; Sat, 13 Jul 2002 16:18:45 -0500 Importance: Normal To: [EMAIL PROTECTED] Subject: Keep porn free... X-Priority: 3 Reply-To: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: CLEVER SPAM EMAIL
[EMAIL PROTECTED]?? -Original Message- From: Casey Taguchi [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 10:58 AM To: Exchange Discussions Subject: RE: CLEVER SPAM EMAIL Here is a copy of the header I got from the user. It appears that the senders address has been forged with the receivers address. Received: from mail.syncor.com (YWING [10.10.51.35]) by us-whl-e2.syncor.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3VBMCSA6; Sat, 13 Jul 2002 13:14:14 -0700 Received: from host101-228.pool22816.interbusiness.it (host101-228.pool22816.interbusiness.it [80.16.228.101] (may be forged)) by mail.syncor.com (Build 101 8.9.3/NT-8.9.3) with SMTP id MAA03382 for [EMAIL PROTECTED]; Sat, 13 Jul 2002 12:55:44 -0700 From: [EMAIL PROTECTED] X-Authentication-Warning: mail.syncor.com: host101-228.pool22816.interbusiness.it [80.16.228.101] (may be forged) didn't use HELO protocol Date: Sat, 13 Jul 2002 16:18:45 -0500 MIME-Version: 1.0 Message-Id: [EMAIL PROTECTED] X-Encoding: MIME Content-Type: multipart/alternative; boundary==_NextPart_1125_42721275202112618143383266572 Content-Transfer-Encoding: quoted-printable Received: from syncor.com by 0QRMDI33724O.syncor.com with SMTP for [EMAIL PROTECTED]; Sat, 13 Jul 2002 16:18:45 -0500 Importance: Normal To: [EMAIL PROTECTED] Subject: Keep porn free... X-Priority: 3 Reply-To: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]