Owen,

For us idiots, neophytes, saprophytes, and any other -phytes out here, PLEASE explain why you keep sending us these scary messages. My computer is starting to show signs of hypochondria.

Did you know that the HelpDesk at Clark once accused me of having "Munchausen's Syndrome By Computer".

Nick

Nicholas S. Thompson
Professor of Psychology and Ethology
Clark University
[hidden email]
http://home.earthlink.net/~nickthompson/
[hidden email]

> [Original Message]
> From: <[hidden email]>
> To: <[hidden email]>
> Date: 1/4/2005 9:00:19 AM
> Subject: Friam Digest, Vol 19, Issue 4
>
> Send Friam mailing list submissions to
> [hidden email]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://redfish.com/mailman/listinfo/friam_redfish.com
> or, via email, send a message with subject or body 'help' to
> [hidden email]
>
> You can reach the person managing the list at
> [hidden email]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Friam digest..."
>
>
> Today's Topics:
>
> 1. {Virus?} Re: (Owen)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 03 Jan 2005 19:33:59 -0800
> From: "Owen" <[hidden email]>
> Subject: [FRIAM] {Virus?} Re:
> To: "Friam" <[hidden email]>
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset="us-ascii"
>
> An HTML attachment was scrubbed...
> URL: /pipermail/friam_redfish.com/attachments/20050103/83414c1e/attachment-0001.htm
> -------------- next part --------------
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "Secret.cpl"
> was believed to be infected by a virus and has been replaced by this warning
> message.
>
> If you wish to receive a copy of the *infected* attachment, please
> forward this email to the support department requesting a copy of the attachment.
>
> At Mon Jan 3 23:34:46 2005 the virus scanner said:
> Secret.cpl Infection: W32/Bagle.AH@mm
> Control panel items are often used to hide viruses (Secret.cpl)
>
> Note to Help Desk: Look on Virus MailScanner in /var/spool/MailScanner/quarantine/20050103 (message 1ClfSX-0003al-6U).
> --
> Postmaster
>
> ------------------------------
>
> _______________________________________________
> Friam mailing list
> [hidden email]
> http://redfish.com/mailman/listinfo/friam_redfish.com
>
>
> End of Friam Digest, Vol 19, Issue 4
> ************************************

Hi Nick. Oddly enough, I don't receive these because my spam filters catch them and put them in my spam folder (I get between 1500 and 2000 a month). I'm a bit surprised this is getting through to so many of us .. I assumed our ISPs used fairly sophisticated blocking.

This is fairly simple. There are two sides to email protocols: sending and receiving. POP and IMAP are receiving protocols: how you get email from your mail server/ISP. SMTP (Simple Mail Transport Protocol) is how mail gets sent from your computer. The problem we're having is within the SMTP world.

SMTP originally was a store-and-forward mechanism where servers would now and again forward large bundles of email onto the next hop in their journey. This means that mail transport is *NOT* connection based .. i.e. when you send mail from your computer to my IMAP/POP server, it need not be done with a single connection between your SMTP server and my IMAP/POP server. There are relays (hops) in between. You can see them by asking your mail reading software to show you the "full headers" of an email. For example, here are the first third or so of the header lines from your email:

    From: [hidden email]
    Subject: [FRIAM] RE:virus message
    Date: January 4, 2005 11:26:22 AM MST
    To: [hidden email]
    Delivery-Date: Tue, 04 Jan 2005 13:27:01 -0500
    Received: from backspac by sparta.hostgo.com with local-bsmtp
        (Exim 4.43) id 1CltOL-0006bP-EQ for [hidden email];
        Tue, 04 Jan 2005 13:26:58 -0500
    Received: from [64.62.180.132] (helo=athens.hostgo.com) by
        sparta.hostgo.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43)
        id 1CltOI-0006aR-Qs; Tue, 04 Jan 2005 13:26:46 -0500
    Received: from localhost ([127.0.0.1] helo=athens.hostgo.com)
        by athens.hostgo.com with esmtp (Exim 4.43) id 1CltOS-0004yA-7o;
        Tue, 04 Jan 2005 14:26:56 -0400
    Received: from [209.86.89.66]
        (helo=smtpauth06.mail.atl.earthlink.net) by athens.hostgo.com
        with esmtp (Exim 4.43) id 1CltOD-0004w5-LY for [hidden email];
        Tue, 04 Jan 2005 14:26:42 -0400
    Received: from [70.57.242.30] (helo=earthlink.net) by
        smtpauth06.mail.atl.earthlink.net with asmtp (Exim 4.34) id
        1CltNu-0004XT-1Y for [hidden email]; Tue, 04 Jan 2005 13:26:22 -0500
    Domainkey-Signature: a=rsa-sha1; q=dns; c=simple; s=test1;
        d=earthlink.net;
        h=Message-ID:X-Priority:Reply-To:X-Mailer:From:To:Subject:Date:MIME-Version:Content-type;
        b=hSUaAoV3qerPOGmiBOFJOurcPUWmuT0+PbDwSDurH5bVILXPnQxbE5ewISpQ58dI;
    Message-Id: <[hidden email]>
    ....

Note that each "Received:" header shows a hop in the progress of your email.

This proves to create extremely difficult security/spam problems. Were SMTP to be a connection based service, various checks could be made to help insure folks are who they say they are. You would be sure "owen" was in fact the sender.

So here's what has happened. Someone has found my [hidden email] mail address and done one of two things.

1-It simply uses a mail anonymizing service which fakes a "From:" header to be from me.
2-It notices that my mail service allows forwarding and it uses it to fake being me.

(A third alternative is that they've hacked the server backspaces.net lives on and simply pretend to be me. These are deeper waters.)

There is one more fine point: Friam.org only allows mail to be sent from members. This means the spammer is clever and trying to do mailgroup spamming. This is recently becoming a popular spam stunt, sort of a new treasure trove for spam kings. So likely this clever bastard has found the friam list, and somehow found a message from me, and thus knows that he/she can gain spam access to friam.org via forging my email address, either 1 or 2 above.

Sigh.

Owen

On Jan 4, 2005, at 11:26 AM, Nicholas Thompson wrote:

> Owen,
>
> For us idiots, neophytes, saprophytes, and any other -phytes out here,
> PLEASE explain why you keep sending us these scary messages. My
> computer
> is starting to show signs of hypochondria.
>
> Did you know that the HelpDesk at Clark once accused me of having
> "Munchausen's Syndrome By Computer".
>
> Nick
>
> Nicholas S. Thompson
> Professor of Psychology and Ethology
> Clark University
> [hidden email]
> http://home.earthlink.net/~nickthompson/
> [hidden email]
>
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9AM @ Jane's Cafe
> Lecture schedule, archives, unsubscribe, etc.:
> http://www.friam.org

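The hop-by-hop reading of the "Received:" headers described in the message above, as an added example that is not part of the original thread. It parses the header lines quoted in that message, lists the relays oldest first, and checks that each relay's HELO name matches the relay that accepted the previous hop; the function names are made up for this illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header lines copied from the message above ("[hidden email]" is the
# archive's own redaction); only the folding whitespace is restored.
RAW_HEADERS = """\
From: [hidden email]
Subject: [FRIAM] RE:virus message
Received: from backspac by sparta.hostgo.com with local-bsmtp
 (Exim 4.43) id 1CltOL-0006bP-EQ for [hidden email];
 Tue, 04 Jan 2005 13:26:58 -0500
Received: from [64.62.180.132] (helo=athens.hostgo.com) by
 sparta.hostgo.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43) id
 1CltOI-0006aR-Qs; Tue, 04 Jan 2005 13:26:46 -0500
Received: from localhost ([127.0.0.1] helo=athens.hostgo.com)
 by athens.hostgo.com with esmtp (Exim 4.43) id 1CltOS-0004yA-7o;
 Tue, 04 Jan 2005 14:26:56 -0400
Received: from [209.86.89.66]
 (helo=smtpauth06.mail.atl.earthlink.net) by athens.hostgo.com with
 esmtp (Exim 4.43) id 1CltOD-0004w5-LY for [hidden email];
 Tue, 04 Jan 2005 14:26:42 -0400
Received: from [70.57.242.30] (helo=earthlink.net) by
 smtpauth06.mail.atl.earthlink.net with asmtp (Exim 4.34) id
 1CltNu-0004XT-1Y for [hidden email]; Tue, 04 Jan 2005 13:26:22 -0500

"""


def parse_hops(raw):
    """Return one dict per Received: header, oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())           # undo header folding
        route, _, stamp = text.rpartition(";")   # the date follows the last ';'
        by = re.search(r"\bby (\S+)", route)
        helo = re.search(r"helo=([^\s)]+)", route)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", route)
        proto = re.search(r"\bwith (\S+)", route)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                          # unparseable or missing date
        hops.append({
            "by": by.group(1) if by else None,
            "helo": helo.group(1) if helo else None,
            "ip": ip.group(1) if ip else None,
            "with": proto.group(1) if proto else None,
            "time": when,
        })
    hops.reverse()  # every relay prepends its line, so the file is newest first
    return hops


def hop_delays(hops):
    """Seconds between consecutive hops; a negative value means the two
    relays' clocks disagree. None where a timestamp could not be parsed."""
    delays = []
    for a, b in zip(hops, hops[1:]):
        if a["time"] is None or b["time"] is None:
            delays.append(None)
        else:
            delays.append(int((b["time"] - a["time"]).total_seconds()))
    return delays


def handoff_mismatches(hops):
    """(accepted_by, next_helo) pairs where the name a relay announced to the
    next hop is not the relay that accepted the previous hop."""
    bad = []
    for prev, nxt in zip(hops, hops[1:]):
        if prev["by"] and nxt["helo"] and prev["by"].lower() != nxt["helo"].lower():
            bad.append((prev["by"], nxt["helo"]))
    return bad


if __name__ == "__main__":
    hops = parse_hops(RAW_HEADERS)
    for n, hop in enumerate(hops, 1):
        print(n, hop["ip"] or "-", hop["helo"] or "(local)", "->", hop["by"],
              "via", hop["with"], hop["time"])
    print("delays (s):", hop_delays(hops))
    print("hand-off mismatches:", handoff_mismatches(hops))
```

Only the "Received:" lines written by relays you control are trustworthy; anything older is supplied by whoever handed the message to them, and the "From:" header is not checked against any hop.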
Owen,

Thanks for the detailed explanation of what happened.

Do you (and others) have any suggestions on prevention?

Someone has done similar things with [hidden email] except that it was sent to an Air Force email address. (I got the reject notice because a virus attachment was detected. These days, as a naturalized US citizen, the last thing I want is to mess with any US government agencies and get deported.) I even have it set up with my email server such that it requires a password confirmation before I can send out a message. Obviously, it does not work in this case since the person was not sending it from my mail server. How can we prevent someone else from assuming our email identity?

Belinda

Owen Densmore wrote:

> Hi Nick. Oddly enough, I don't receive these because my spam filters
> catch them and put them in my spam folder (I get between 1500 and
> 2000 a month). I'm a bit surprised this is getting through to so
> many of us .. I assumed our ISPs used fairly sophisticated blocking.
>
> This is fairly simple. There are two sides to email protocols:
> sending and receiving. POP and IMAP are receiving protocols: how you
> get email from your mail server/ISP. SMTP (Simple Mail Transport
> Protocol) is how mail gets sent from your computer. The problem
> we're having is within the SMTP world.
>
> SMTP originally was a store-and-forward mechanism where servers would
> now and again forward large bundles of email onto the next hop in
> their journey. This means that mail transport is *NOT* connection
> based .. i.e. when you send mail from your computer to my IMAP/POP
> server, it need not be done with a single connection between your
> SMTP server and my IMAP/POP server. There are relays (hops) in
> between. You can see them by asking your mail reading software to
> show you the "full headers" of an email. For example, here are the
> first third or so of the header lines from your email:
> From: [hidden email]
> Subject: [FRIAM] RE:virus message
> Date: January 4, 2005 11:26:22 AM MST
> To: [hidden email]
> Delivery-Date: Tue, 04 Jan 2005 13:27:01 -0500
> Received: from backspac by sparta.hostgo.com with local-bsmtp
> (Exim 4.43) id 1CltOL-0006bP-EQ for [hidden email]; Tue, 04
> Jan 2005 13:26:58 -0500
> Received: from [64.62.180.132] (helo=athens.hostgo.com) by
> sparta.hostgo.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43) id
> 1CltOI-0006aR-Qs; Tue, 04 Jan 2005 13:26:46 -0500
> Received: from localhost ([127.0.0.1] helo=athens.hostgo.com)
> by athens.hostgo.com with esmtp (Exim 4.43) id 1CltOS-0004yA-7o; Tue,
> 04 Jan 2005 14:26:56 -0400
> Received: from [209.86.89.66]
> (helo=smtpauth06.mail.atl.earthlink.net) by athens.hostgo.com with
> esmtp (Exim 4.43) id 1CltOD-0004w5-LY for [hidden email]; Tue, 04
> Jan 2005 14:26:42 -0400
> Received: from [70.57.242.30] (helo=earthlink.net) by
> smtpauth06.mail.atl.earthlink.net with asmtp (Exim 4.34) id
> 1CltNu-0004XT-1Y for [hidden email]; Tue, 04 Jan 2005 13:26:22 -0500
> Domainkey-Signature: a=rsa-sha1; q=dns; c=simple; s=test1;
> d=earthlink.net;
> h=Message-ID:X-Priority:Reply-To:X-Mailer:From:To:Subject:Date:MIME-Version:Content-type;
> b=hSUaAoV3qerPOGmiBOFJOurcPUWmuT0+PbDwSDurH5bVILXPnQxbE5ewISpQ58dI;
> Message-Id: <[hidden email]>
> ....
> Note that each "Received:" header shows a hop in the progress of your
> email.
>
> This proves to create extremely difficult security/spam problems.
> Were SMTP to be a connection based service, various checks could be
> made to help insure folks are who they say they are. You would be
> sure "owen" was in fact the sender.
>
> So here's what has happened. Someone has found my
> [hidden email] mail address and done one of two things. 1-It
> simply uses a mail anonymizing service which fakes a "From:" header
> to be from me. 2-It notices that my mail service allows forwarding
> and it uses it to fake being me. (A third alternative is that
> they've hacked the server backspaces.net lives on and simply pretend
> to be me. These are deeper waters.)
>
> There is one more fine point: Friam.org only allows mail to be sent
> from members. This means the spammer is clever and trying to do
> mailgroup spamming. This is recently becoming a popular spam stunt,
> sort of a new treasure trove for spam kings. So likely this clever
> bastard has found the friam list, and somehow found a message from
> me, and thus knows that he/she can gain spam access to friam.org via
> forging my email address, either 1 or 2 above.
>
> Sigh.
>
> Owen

Belinda Wong-Swanson wrote:

> Owen,
>
> Thanks for the detailed explanation of what happened.
>
> Do you (and others) have any suggestions on prevention?
>
> Someone has done similar things with [hidden email] except that it
> was sent to an Air Force email address. (I got the reject notice
> because a virus attachment was detected. These days, as a naturalized US
> citizen, the last thing I want is to mess with any US government
> agencies and get deported.) I even have it set up with my email server
> such that it requires a password confirmation before I can send out a
> message. Obviously, it does not work in this case since the person was
> not sending it from my mail server. How can we prevent someone else from
> assuming our email identity?
>
> Belinda

Belinda -

This is called a "joe job": your email address is forged as the sender of a virus or some spam or any message you didn't actually send. It's been happening for years, but they're getting more creative about it nowadays.

If the govt decides to start investigating everyone who gets joe jobbed, then the end of civilization as we know it will have definitely arrived, because they will no longer have the resources to pursue any of the other responsibilities of govt.

There is a solution in the works, as http://spf.pobox.com explains. The idea is that every domain specifies the mail servers which are allowed to send their outgoing mail. So Owen would list the mail servers at hostgo as the only servers permitted to send mail from backspaces.net, and then when Friam received mail From: [hidden email] that didn't originate from a hostgo mail server, Friam would know it was forged.

I haven't been able to set it up for my domains, yet, but I expect it will become more possible in the near future.

-- rec --

In reply to this post by Belinda Wong-Swanson
Belinda Wong-Swanson wrote:

> Owen,
>
> Thanks for the detailed explanation of what happened.
>
> Do you (and others) have any suggestions on prevention?
>
> Someone has done similar things with [hidden email] except that it
> was sent to an Air Force email address. (I got the reject notice
> because a virus attachment was detected. These days, as a naturalized US
> citizen, the last thing I want is to mess with any US government
> agencies and get deported.) I even have it set up with my email server
> such that it requires a password confirmation before I can send out a
> message. Obviously, it does not work in this case since the person was
> not sending it from my mail server. How can we prevent someone else from
> assuming our email identity?

The current proposed solutions in order of decreasing popularity/maturity are:

Sender Policy Framework (SPF) in which domain owners identify sending mail servers in DNS and the receiving Mail Transfer Agent (MTA) verifies this information against the sender header information. Since you have your own domain, I'd recommend using this approach, although you may have to negotiate with your ISP if you don't host your own mail server. See http://spf.pobox.com/ for more information.

Sender-ID is a Microsoft proposal to have the Mail User Agent (MUA) verify the "Purported Responsible Address". Microsoft programs will probably have the capability of doing this in upcoming versions. Sender-ID has patent encumbrances and does not have widespread acceptance.

Bounce Address Tag Validation (BATV) which is a proposal to use the mail-from header tag to alleviate the very problem that started this thread - bounced email notifications to folks who didn't originate the offending email.

Client SMTP Validation (CSV) which is similar to SPF but has the potential to be more reliable.

Bottom line - if you have an email server, you should probably implement SPF.

--
Ray Parks                    [hidden email]
IDART Project Lead           Voice:505-844-4024
IORTA Department             Fax:505-844-9641
http://www.sandia.gov/idart  Pager:800-690-5288

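The SPF check described in the two replies above (a domain publishes which servers may send its mail, and the receiver compares the connecting server against that list), as an added example that is not part of the thread and not code from the SPF project. DNS is replaced by a table of constructed TXT records so it runs offline; the record contents, the name `_spf.hostgo.example`, the member address and the list policy in `list_decision` are assumptions, and only the `ip4`, `ip6`, `include` and `all` mechanisms are modelled.

```python
import ipaddress

# Constructed TXT records standing in for DNS. Neither is the real policy of
# any domain named in the thread; 64.62.180.132 is the athens.hostgo.com relay
# seen in the quoted headers, the other networks are documentation ranges.
DNS_TXT = {
    "backspaces.net": "v=spf1 include:_spf.hostgo.example -all",
    "_spf.hostgo.example": "v=spf1 ip4:64.62.180.132 ip4:192.0.2.0/28 ~all",
}
MEMBERS = {"member@backspaces.net"}   # constructed list membership
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10                      # RFC 7208 cap on DNS-querying terms


def check_spf(client_ip, domain, txt=DNS_TXT, _budget=None):
    """Evaluate the SPF record of `domain` for a connecting `client_ip`.

    Returns pass, fail, softfail, neutral, none or permerror. The domain is
    the one in the SMTP envelope sender (MAIL FROM), which is what SPF
    evaluates under RFC 7208.
    """
    budget = [MAX_LOOKUPS] if _budget is None else _budget
    terms = txt.get(domain.lower(), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                          # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:                     # first matching term decides
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"             # malformed record
            matched = ip.version == net.version and ip in net
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"             # include loop or too many lookups
            sub = check_spf(client_ip, arg, txt, budget)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"            # only a pass in the include matches
        else:
            return "permerror"                 # a, mx, exists, redirect=: need live DNS
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def list_decision(envelope_sender, client_ip, members=MEMBERS, txt=DNS_TXT):
    """Assumed policy for a members-only list: membership alone is what the
    forger exploits, so a member address is accepted only on an SPF pass."""
    sender = envelope_sender.lower()
    if sender not in members:
        return "reject: not a member"
    result = check_spf(client_ip, sender.rpartition("@")[2], txt)
    if result == "pass":
        return "accept"
    if result == "fail":
        return "reject: SPF fail"
    return "hold for moderation: SPF " + result


if __name__ == "__main__":
    for ip in ("64.62.180.132", "203.0.113.7"):
        print(ip, check_spf(ip, "backspaces.net"),
              "|", list_decision("member@backspaces.net", ip))
```

A forged post from an unlisted address now fails even though the sender address is on the member list; a domain with no record yields `none`, so the check only helps domains that publish a policy.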
On Roger and Ray's suggestion I checked whether the domain hosting service for Friam.org and Redfish.com supports SPF. Here's their response:

"We won't start supporting SPF until it is accepted by more than 50% of the large ISPs(AOL, Earthlink...etc)."

-Steve

________________________________________________________
[hidden email]            http://www.redfish.com
office: (505)995-0206     624 Agua Fria Street
mobile: (505)577-5828     Santa Fe, NM 87501

> -----Original Message-----
> From: Raymond C. Parks [mailto:[hidden email]]
> Sent: Tuesday, January 04, 2005 5:20 PM
> To: The Friday Morning Applied Complexity Coffee Group
> Subject: Re: [FRIAM] RE:virus message
>
> The current proposed solutions in order of decreasing
> popularity/maturity are:
>
> Sender Policy Framework (SPF) in which domain owners identify sending
> mail servers in DNS and the receiving Mail Transfer Agent (MTA) verifies
> this information against the sender header information. Since you have
> your own domain, I'd recommend using this approach, although you may
> have to negotiate with your ISP if you don't host your own mail server.
> See http://spf.pobox.com/ for more information.
>
> Sender-ID is a Microsoft proposal to have the Mail User Agent (MUA)
> verify the "Purported Responsible Address". Microsoft programs will
> probably have the capability of doing this in upcoming versions.
> Sender-ID has patent encumbrances and does not have widespread acceptance.
>
> Bounce Address Tag Validation (BATV) which is a proposal to use the
> mail-from header tag to alleviate the very problem that started this
> thread - bounced email notifications to folks who didn't originate the
> offending email.
>
> Client SMTP Validation (CSV) which is similar to SPF but has the
> potential to be more reliable.
>
> Bottom line - if you have an email server, you should probably implement
> SPF.
>
> --
> Ray Parks                    [hidden email]
> IDART Project Lead           Voice:505-844-4024
> IORTA Department             Fax:505-844-9641
> http://www.sandia.gov/idart  Pager:800-690-5288

I wonder if there might be a way of setting up a plugin for Mozilla Thunderbird that would check a config file and simply flag a message as spam if it didn't come from the "right" place.

Oh, hey, there is one:

https://addons.update.mozilla.org/extensions/moreinfo.php?id=345&vid=1051

Carl

Stephen Guerin wrote:

> On Roger and Ray's suggestion I checked whether the domain hosting service
> for Friam.org and Redfish.com supports SPF. Here's their response:
>
> "We won't start supporting SPF until it is accepted by more than 50% of the
> large ISPs(AOL, Earthlink...etc)."
>
> -Steve
>
> ________________________________________________________
> [hidden email]            http://www.redfish.com
> office: (505)995-0206     624 Agua Fria Street
> mobile: (505)577-5828     Santa Fe, NM 87501

In reply to this post by Stephen Guerin
Ok, I was a little hasty in posting the Thunderbird SPF thing. It's not an unalloyed wonder. (now watch, I'll get spam with 'unalloyed wonder' in the title).

Here's the current stuff:

http://taubz.for.net/code/spf/

Sorry if I raised any false hopes.

Carl

Stephen Guerin wrote:

> On Roger and Ray's suggestion I checked whether the domain hosting service
> for Friam.org and Redfish.com supports SPF. Here's their response:
>
> "We won't start supporting SPF until it is accepted by more than 50% of the
> large ISPs(AOL, Earthlink...etc)."
>
> -Steve
>
> ________________________________________________________
> [hidden email]            http://www.redfish.com
> office: (505)995-0206     624 Agua Fria Street
> mobile: (505)577-5828     Santa Fe, NM 87501
