Spoofed e-mail address

[John the train]

Not sure if this really belongs in ' Security ', as I'll explain, but I thought it was the best place to get an answer.
I'm pretty sure my F11 box hasn't been hacked - I'm behind a modem router with firewall and SElinux enabled by default - but checking my mail this morning I noticed several ' delivery failures ' ( allegedly ) from hotmail referring to mail I hadn't sent. When I checked the spam folder for the on-line side of my mail account there were more failure notices.
Two points that may be relevant, one is the recent Hotmail exploit, the other is that this only occurred with the address I use for railway matters, and some people cc to everybody, so it's odds on that address is on a good few computers.
On one occassion when I checked my spam folder on-line I found spam which claimed to be from myself, so I know the ' send ' address can be spoofed, is this the explanation, or is it a new kind of attack linked to the Hotmail exploit?

[Nokia]

I would'n worry very much about it. My Spam section is full of emails sent by "me" to me (thanks to my "Everybody's using Windows"-type contacts )

[pete_1967]

Spammer has simply used your address as sender in their latest batch, and dumb mail servers then return error messages to you. Another possibility is you're lucky receiver of "Mail server error spam" where spammer sends messages looking like legitimate mail server error message which are normally let through by all spam filters and more likely to be opened and read by the recipient (you).

[scottro]

It's called backscatter if you want to google it further. I have a dated page on postfix that deals with one way to handle it if you run postfix.

http://home.roadrunner.com/~computer...u/postfix.html

It's towards the end of the article, just search for the word backscatter on the page.

[John the train]

Nokia, Pete,
Thanks for confirming my suspicions, I wasn't sure if failure messages could be spoofed, but I suppose it's similar to phishing, get a genuine copy and edit.
The ' cc everyone ' procedure is a real pain when it's used for all mail, regardless of relevance, and even more so when some recipients don't have the first idea about security.

[scottro]

Unfortunately, far too many of our friends and relations will, meaning well, pass on the latest joke, virus warning (seen on MSN!!!!! It will eat your refrigerator!!!! SEND THIS TO EVERYONE!!!), cute cat picture, or the thing to be passed to 5 people because it really works, I always send a very polite (as they are friends and family) note explaining that they've now given hundreds of email addresses to lots of people who shouldn't have them.

Hopefully, at least some of them think about it next time, and start using bcc.

[John the train]

Quote:

Originally Posted by scottro

Unfortunately, far too many of our friends and relations will, meaning well, pass on the latest joke, virus warning (seen on MSN!!!!! It will eat your refrigerator!!!! SEND THIS TO EVERYONE!!!), cute cat picture, or the thing to be passed to 5 people because it really works, I always send a very polite (as they are friends and family) note explaining that they've now given hundreds of email addresses to lots of people who shouldn't have them.

Hopefully, at least some of them think about it next time, and start using bcc.

Even worse, I get some forwarded mail with two or even three layers of 'cc' s. Must work out how to strip those off ( in Thunderbird ) if I need to forward anything. Back in the old ( snailmail ) days would they have left their address book / filofax lying around for everyone to read?

[scottro]

Yeah, that's what I meant, actually. Their cc's which are top posted over someone else's cc's, basically spammer's delight.

[DCOH]

Click> Drag>copy and post to new compose then send as new bcc email only takes a few minutes and stop the spread of email addresses. That's what I do on multi layers, otherwise when you forward Hi-lite and delete all email addresses.

[Nokia]

Perhaps you're confusing cc with bcc (blind cc) ?

[John the train]

As far as I'm aware bcc mail will show in your mailbox as if it was only sent to you, while cc will list everyone it was sent to. No exaggeration, one general circulation I received had 17 lines of addresses in clear! I'm certainly going to follow scottro's advice in post #6 and have a polite word with friends and relations who cc to all and sundry,. I'll also have a diplomatic word with my railway colleagues about using bcc, after all, all it needs is a ' copied to... ' line with their real names in the body of text if someone really needs to know who else has received a copy.

[Evil_Bert]

Quote:

Originally Posted by scottro

... cute cat picture ...

But who can resist a cute cat picture? LOLCAT spam is coming, be warned ....

I once had a case at work where someone outside the work network spoofed abusive e-mails from my address to people in my workgroup. It was easy to spot, though.

[zackf]

Quote:

Originally Posted by scottro

It's called backscatter if you want to google it further. I have a dated page on postfix that deals with one way to handle it if you run postfix.

Cool, new word of the day, I read up on it from your link. Good stuff.

[scottro]

Glad you found it useful. Thanks for letting me know.