tlug: SMTP and junk email [was: How are they doing this? ]
- To: tlug@example.com
- Subject: tlug: SMTP and junk email [was: How are they doing this? ]
- From: "Stephen J. Turnbull" <turnbull@example.com>
- Date: Tue, 12 Aug 1997 14:07:54 +0900
- In-reply-to: Your message of "Mon, 11 Aug 1997 15:48:38 +0900." <XFMail.970811155626.schweiz@example.com>
- Reply-To: tlug@example.com
- Sender: owner-tlug
--------------------------------------------------------
tlug note from "Stephen J. Turnbull" <turnbull@example.com>
--------------------------------------------------------

***** Why is it so easy to spoof addresses in mail?

The main reason is that the SMTP doesn't care what's in the message at all. Not the headers, nor the body. A simple SMTP session ("protocol replies" are generated by the remote host, and you should eliminate the # comments and any surrounding whitespace):

    bash% telnet 127.0.0.1 25                 # 25 is the SMTP TCP port
    HELO your.own.domain                      # some hosts gethostbyaddress, not all
    ... some protocol reply ...
    MAIL FROM: any.old.address@example.com    # this may have been
                                              # forwarded, eg from UUCP,
                                              # so nobody checks
    ... another protocol reply ...
    RCPT TO: real-addr@example.com            # this does not have to
                                              # be any.host.where!!!
                                              # it does have to exist,
                                              # or nobody will care :-)
    ... one more protocol reply ...
    DATA
    any lines you want here, including more fake headers if you want
    or you can put real headers if you want!  What a novel idea!
    .                                         # just like Unix mail(1)
                                              # a dot by itself ends message
    ... message accepted protocol reply ...
    QUIT
    bash%

Try it yourself on 127.0.0.1! For more info, check out RFC 821. (ftp://ftp.lab.kdd.co.jp/RFC/rfc821.txt or something like that).

***** Filtering junk mail using procmail

I keep old junk mail around mostly because I've been too lazy to delete it. And it's useful for research. And it might have gotten auto-shit-canned by procmail but be a real person.

Anyway, the most important thing to do is to trash any mail with an "X-UIDL" header. In my "archive" 298 of 500 junk messages had that header:

    bash-2.00$ scan +abuse | wc
        500    4984   40400
    bash-2.00$ fgrep UIDL ~/Mail/abuse/* | wc
        298     595   20680

It is apparently added by some kind of bulk-mail software; I've never seen it in a real message.

The following lines from my .procmailrc are the filter:

    :0:
    * X-UIDL|friend@example.com|cyberpromo|relay\.iemmc\.org|rensaw\.com
      |sallynet\.com|vol\.it|mkt-(usa|america)\.com|RESELL\.COM|THEHITMAN\.COM
      |powertips\.com|24hrplaymates\.com|qlink2info\.com|vaprnet\.com
      |cyberbytes\.com|for name removal|adultpatrol\.com|skyinet\.net
      |corpsite\.com|mlmail\.com|cyberbundle\.net
    $HOME/Mail/abuse/newmail

(Lines folded and space added for readability.)

Except for vol.it, all of the domains mentioned seem to exist only for the purpose of bulk mail. Quite a few of them are aliases for Cyberpromo. vol.it ended up on the shit-list when I saw it for 5 separate bulk mailings in one week.

At present, on average 3 of 42 messages make it through this filter per week.

The procmail list usually has lots of discussion on this, but it also gets spammed all the time so I don't read it any more.

Any other suggestions would be welcome....

Steve

--
Stephen J. Turnbull
Institute of Policy and Planning Sciences    Yaseppochi-Gumi
University of Tsukuba                        http://turnbull.sk.tsukuba.ac.jp/
Tel: +81 (298) 53-5091; Fax: 55-3849         turnbull@example.com
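
An added example, not part of the original post: a Python emulation of the recipe above, assuming procmail's default of matching a condition against the header only and ignoring case. The sample messages are constructed, and `header_text` and `classify` are hypothetical names; the third sample shows that a phrase such as "for name removal" is missed when it appears only in the body.

```python
import re
from email import message_from_string

# Alternation from the recipe in the post, unfolded onto one line.
JUNK = re.compile(
    r"X-UIDL|friend@example.com|cyberpromo|relay\.iemmc\.org|rensaw\.com"
    r"|sallynet\.com|vol\.it|mkt-(usa|america)\.com|RESELL\.COM|THEHITMAN\.COM"
    r"|powertips\.com|24hrplaymates\.com|qlink2info\.com|vaprnet\.com"
    r"|cyberbytes\.com|for name removal|adultpatrol\.com|skyinet\.net"
    r"|corpsite\.com|mlmail\.com|cyberbundle\.net",
    re.IGNORECASE,  # assumption: procmail ignores case unless the D flag is set
)


def header_text(raw):
    """Return the header block with folded continuation lines joined."""
    msg = message_from_string(raw)
    return "\n".join(f"{k}: {' '.join(str(v).split())}" for k, v in msg.items())


def classify(raw):
    """Return 'abuse' if the header matches the recipe, else 'inbox'.

    The body is never searched, mirroring a recipe without the B flag.
    """
    return "abuse" if JUNK.search(header_text(raw)) else "inbox"


# Constructed sample messages (not taken from the original post).
SAMPLES = {
    "uidl": "From: someone@example.net\nX-UIDL: 0123abcd\nSubject: hi\n\nbody\n",
    "domain": "Received: from mail.CyberPromo.example\nFrom: a@example.net\n\nbody\n",
    "body_only": "From: a@example.net\nSubject: offer\n\nReply for name removal.\n",
    "clean": "From: friend2@example.org\nSubject: tlug meeting\n\nSee you there.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify(raw)}")
```
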
- Follow-Ups:
- tlug: PCMCIA modem cards
- From: "Alan B. Stone" <stoneab@example.com>
- Re: tlug: SMTP and junk email [was: How are they doing this? ]
- From: "Stephen J. Turnbull" <turnbull@example.com>
- Re: tlug: SMTP and junk email [was: How are they doing this? ]
- From: Jim Tittsler <jwt@example.com>
- References:
- tlug: How are they doing this?
- From: Jim Schweizer <schweiz@example.com>