> -----Original Message-----
> From: Kris Deugau [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 30, 2004 3:24 PM
> To: [email protected]
> Subject: Re: spoofed Received header
>
> Er, I think you're getting your terminology mixed up. Those are usually
> considered to be the same thing (ie, the SMTP "MAIL FROM:" == envelope
> sender). I think you mean the "From:" field in the message headers
> instead of "envelope from".
Yeah, sorry. I took a 50/50 shot at getting my terms right. I'm not running
for president. ;)
> Er... You don't want mail that you send to the list to appear as if you
> wrote it? That's what you're asking for here...
Yes and no. I think it should be clear that it wasn't sent directly by me, but
show for informational purposes that I wrote the content. This is somewhat
done in practice by prepending [listname] to the message subject, and having
the reply-to point to the list.
Anyway, my complaint wasn't about mailing list software, and this wouldn't be
the place for that anyway. What I was attempting to say, which somewhat
applied to this original thread, was that we do block From headers that claim to
be our domain. It works wonders for combatting spam and viruses, but you don't
get your own mail back from lists. *shrug*
Below is one example (I have quite a few) of why I do this - a social
engineering attack sent before I put this policy in place. I don't expect my
regional sales managers to know that this wasn't legitimate, although I do my
best to educate the users. This appeared to come from [EMAIL PROTECTED]:
Dear user of Riconcorp.com gateway e-mail server,
We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.
For details see the attached file.
For security reasons attached file is password protected. The password is
"14083".
Sincerely,
The Riconcorp.com team
http://www.riconcorp.com
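
The policy described in this message (refusing inbound mail whose "From:" header claims the local domain), as an added example that is not part of the original post. The domain `example.com`, the `trusted_submission` flag and all sample messages are constructed assumptions; it also shows the side effect mentioned above, that your own list posts are refused when they come back.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "example.com"  # assumption: placeholder for the protected domain


def from_domains(raw_message):
    """Domains of every address in the From: header(s), lowercased."""
    msg = message_from_string(raw_message)
    addrs = getaddresses(msg.get_all("From", []))
    return {addr.rsplit("@", 1)[1].lower().rstrip(".")
            for _name, addr in addrs if "@" in addr}


def claims_local(domain, local=LOCAL_DOMAIN):
    """True for the local domain itself or any subdomain of it."""
    return domain == local or domain.endswith("." + local)


def verdict(raw_message, trusted_submission):
    """trusted_submission (assumption): the message arrived from an internal
    host or an authenticated user, so a local From: is expected."""
    if trusted_submission:
        return "accept"
    if any(claims_local(d) for d in from_domains(raw_message)):
        return "reject"
    return "accept"


# Constructed sample messages (headers, blank line, body).
FORGED = ("From: support@example.com\nSubject: Warning\n\n"
          "For details see the attached file.\n")
EXTERNAL = "From: someone@other.test\nSubject: Hello\n\nHi.\n"
# Own post coming back from a mailing list: the From: header is unchanged,
# so the policy cannot tell it apart from a forgery.
LIST_COPY = ("From: me@example.com\nSender: list-bounces@lists.other.test\n"
             "Subject: [listname] Re: spoofed Received header\n\nReply.\n")
# The display name is not the address; only the address is checked.
DISPLAY_NAME = 'From: "admin@example.com" <x@other.test>\n\nBody.\n'

if __name__ == "__main__":
    for name, raw in [("forged", FORGED), ("external", EXTERNAL),
                      ("list copy", LIST_COPY), ("display name", DISPLAY_NAME)]:
        print(f"{name:13} -> {verdict(raw, trusted_submission=False)}")
```

The display-name case is accepted because this check looks only at the address part of the header, so a local-looking name in front of an outside address is outside what this policy covers.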