>To know how to fix something, we must first thoroughly understand the
>problem. So, I'd appreciate answers to the following questions which bring
>technical issues down to my user level, and may benefit others in coming up
>with a fix:
>Q: how do the guys forging my email address get it to begin with?
>A: My guess is through packet sniffers. Is this the case, though?
The most common source is probably trawling through Usenet posts for the
email addresses of the posters. However there are also lots of other places
to gather email addresses. A good article describing some of the ways spammers
obtain addresses is http://www.private.org.il/harvest.html
>Q: are there ways that they can hide behind spammer friendly servers, or
>even spoof their servers into thinking it's actually someone else sending
>out spam mail?
>A: Seems like it.
There are some spam-friendly sites; see http://www.spamhaus.org
However often the spammer will obtain a free trial account at one of the
ISPs. A number of ISPs just give out free trial CDs.
They will also send their mail out through intermediate Open-relay systems.
It's fairly common for a spammer to have their account closed down because of
complaints in the morning and be up and running at another ISP (or maybe even
the same ISP with a different account) in the afternoon.
Spammers habitually forge addresses, add in additional forged Received
header lines, etc., in order to confuse the recipient as to where the mail has
come from. Forging the From address has the additional benefit that they do not
get the non-delivery reports bounced back to them if the address list they have
is out of date.
SMTP is exactly what it says - SIMPLE MAIL TRANSFER PROTOCOL.
It has no facilities builtin to check that your from address is valid.
Most PC mailers make forging really easy since they let you set the From
address, and then no further check is done. Hence you can easily send mail which appears
Mailers on multiuser systems, in contrast, are often configured so that, although
you can change the From address, the mail software automatically adds in a
Sender address which corresponds to the account being used on the multiuser
system. However, the spammer can always bypass this and write his own piece of
code (or even type in the commands manually) which will connect to a mail
server and send out the mail. The protocol and all the commands necessary are
well described in RFCs.
Getting an ISP to force its customers to use From addresses within its own
domain causes other problems. Organisations set up measures so that their
mail servers are not open relays. However, this means that their employees who
are using some other ISP from home cannot use their organisation's mail server to
send out mail to the rest of the world, since as far as the mail server is
concerned they are sending from outside to outside, i.e. relaying.
The simplest solution to this is to tell the employee to configure their home
system to send mail out through their ISP's mailhub. However, the employee
generally wants replies to go back to their work mail account. Hence they
require the ability to set their From address to their work account but still
to send out through their ISP's mailhub.
>Q: seems like my email address alone isn't enough to trick my ISP mail
>server into accepting mail with my email addy on it that comes in from
>outside the ISP net.
>If this is so, what data bits does a successful email address forger need?
He just needs your email address. He just sends his mail messages out to
everybody with your email address as the From address. Any bounces or
complaints are then sent to you. The original messages (rather than the bounces
or complaints) usually won't have passed anywhere near your ISP's systems.
If he tries to send mail using your ISP (irrespective of what From address
he has specified), and he does it from an internet address which doesn't
correspond to your ISP and is sending to non-local users, then he should hit
the anti-relaying protection your ISP has configured on their mailhub.
However, that protection has nothing whatsoever to do with whether he has
forged your mail address or not.
Spammers love systems which haven't had this protection implemented - open
>Q: If the question above is basically yes, then how does the forger get
>these data bits?
>A: is it via packet sniffing, again?
I doubt if any mail forger resorts to packet sniffing.
>Q: Is there anything I'm doing that I shouldn't be doing, or that I'm not
>doing that I should be doing which singles out my email address for a
>forger/spammer to grab onto?
See article mentioned above.
VMS and Unix team leader
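The two points the reply above makes about the mailhub (the envelope sender in MAIL FROM is never checked, and outside-to-outside traffic is what an anti-relay rule refuses) can be seen in a small model of the server-side policy. This is an added example and not code from the original post or any real mail server; the network range (192.0.2.0/24), the domain example-isp.net and the command sequences are constructed for illustration.

```python
"""Model of an SMTP mailhub's anti-relay rule, showing that the rule is about
where the connection comes from and where the mail is going, not about the
sender address.  Added example; the ISP network, domain and sessions below
are constructed, not taken from any real system."""
import ipaddress
import re

# Hypothetical ISP: the address pool its customers dial in from, and the
# domains it accepts inbound mail for (both constructed values).
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example-isp.net"}

_ADDR_RE = re.compile(r"<([^>]*)>")


def _address(arg):
    """Pull the address out of 'FROM:<a@b>' or 'TO:<a@b>'."""
    m = _ADDR_RE.search(arg)
    return m.group(1).lower() if m else None


def _domain(addr):
    return addr.rsplit("@", 1)[-1] if addr and "@" in addr else ""


def is_local_client(ip):
    """True if the connecting host is one of the ISP's own customers."""
    return any(ipaddress.ip_address(ip) in net for net in LOCAL_NETWORKS)


def relay_allowed(client_ip, recipient):
    """The anti-relay rule: accept if the client is local (customer sending
    out) or the recipient is local (inbound mail).  Outside -> outside is
    relaying and is refused.  Note that the sender is not an input at all."""
    return is_local_client(client_ip) or _domain(recipient) in LOCAL_DOMAINS


def smtp_session(client_ip, commands):
    """Feed a client's command lines through the policy and return a list of
    (command, reply) pairs.  MAIL FROM is accepted with whatever address the
    client supplies, exactly as a real SMTP server must, since the protocol
    gives it no way to verify the sender."""
    state = {"mail": None, "rcpt": []}
    transcript = []
    for line in commands:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            reply = "250 mailhub.example-isp.net"
        elif verb == "MAIL":
            state["mail"] = _address(arg)      # no check of any kind
            reply = "250 OK"
        elif verb == "RCPT":
            rcpt = _address(arg)
            if state["mail"] is None:
                reply = "503 need MAIL first"
            elif relay_allowed(client_ip, rcpt):
                state["rcpt"].append(rcpt)
                reply = "250 OK"
            else:
                reply = "550 relaying denied"
        elif verb == "DATA":
            reply = "354 go ahead" if state["rcpt"] else "503 no valid recipients"
        elif verb == "QUIT":
            reply = "221 bye"
        else:
            reply = "500 unknown command"
        transcript.append((line, reply))
    return transcript


if __name__ == "__main__":
    # Forger on another network, using a customer's address as the sender,
    # trying to reach a third party: the RCPT is refused, the MAIL FROM was not.
    for cmd, reply in smtp_session("198.51.100.7", [
        "HELO forger.example",
        "MAIL FROM:<victim@example-isp.net>",
        "RCPT TO:<someone@elsewhere.org>",
        "QUIT",
    ]):
        print(f"C: {cmd}\nS: {reply}")
```

The first session is also the home-worker case from the reply: a client on some other ISP's network, sending to the outside world through a mailhub that is not its own, gets "550 relaying denied" regardless of the From address it set. The same forged MAIL FROM is accepted without comment when the recipient is local, which is why anti-relay protection does nothing to stop your address being forged.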