I forwarded Roger's email about SPF to my web host Crystaltech
(http://www.crystaltech.com). It turned out Crystaltech is in the process of implementing SPF for all domains on its network in the next few weeks. Belinda -------- Original Message -------- Subject: [123-096BE021-38A8] possible virus attack? Date: Tue, 4 Jan 2005 19:25:51 -0700 From: [hidden email] Reply-To: [hidden email] To: <[hidden email]> Bellinda, How interesting that you would bring this up. Crystaltech plans on implementing SPF for all domains on our network over the next few weeks. This is an excellent solution for the spam problem. We will be sending out notice when this is going in place. We will have a place in Control center where you will be able to create your SPF record and there will be instructions on how to do it. Regards, Mike Bickford CrystalTech Web Hosting www.crystaltech.com If you have any other questions please let us know. **** Please include all previous communications **** ------------------------------------------------------------------------ *From*: Belinda Wong-Swanson <[hidden email]> *Sent*: Tue, 04 Jan 2005 16:00:50 -0700 *To*: [hidden email] *Subject*: Re: [123-096BE021-38A8] possible virus attack? Hello, A friend of mine pointed me to this url http://spf.pobox.com/ as a possible solution to provent someone from assuming my email address. Are you familiar with it? Would you recommend it? If so, would you be providing instructions on how to set this up? Thanks again for your assistance, Belinda [hidden email] wrote: > Hello Bellinda, > > The only way to be sure is for the recipient to look thru the email > header to see the IP address of the sending mail server. That way, we > could see if it came from one of Crystal Tech's. > > E-mail spoofing is the forgery of an e-mail header > <http://whatis.techtarget.com/definition/0,,sid9_gci213480,00.html> so > that the message appears to have originated from someone or somewhere > other than the actual source. Distributors of spam > <http://searchmobilecomputing.techtarget.com/sDefinition/0,,sid40_gci213031,00.html> > often use spoofing in an attempt to get recipients to open, and > possibly even respond to, their solicitations. Spoofing can be used > legitimately. Classic examples of senders who might prefer to disguise > the source of the e-mail include a sender reporting mistreatment by a > spouse to a welfare agency or a "whistle-blower" who fears > retaliation. However, spoofing anyone other than yourself is illegal > in some jurisdictions. > > E-mail spoofing is possible because Simple Mail Transfer Protocol > (SMTP > <http://searchexchange.techtarget.com/sDefinition/0,,sid43_gci214219,00.html>), > the main protocol used in sending e-mail, does not include an > authentication > <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211621,00.html> > mechanism (Other than a Reverse DNS Lookup). Although an SMTP service > extension (specified in IETF RFC 2554) allows an SMTP client to > negotiate a security level with a mail server, this precaution is not > often taken. If the precaution is not taken, anyone with the requisite > knowledge can connect to the server and use it to send messages. To > send spoofed e-mail, senders insert commands in headers that will > alter message information. It is possible to send a message that > appears to be from anyone, anywhere, saying whatever the sender wants > it to say. Thus, someone could send spoofed e-mail that appears to be > from you with a message that you didn't write. > > Although most spoofed e-mail falls into the "nuisance" category and > requires little action other than deletion, the more malicious > varieties can cause serious problems and security risks. For example, > spoofed e-mail may purport to be from someone in a position of > authority, asking for sensitive data, such as passwords, credit card > numbers, or other personal information -- any of which can be used for > a variety of criminal purposes. The Bank of America, eBay, and Wells > Fargo are among the companies recently spoofed in mass spam mailings. > One type of e-mail spoofing, self-sending spam > <http://whatis.techtarget.com/definition/0,,sid9_gci840088,00.html>, > involves messages that appear to be both to and from the recipient. > > SMTP authentication verifies that a user must have a user name and > password to send a message through the CrystalTech mail server that > your domain is hosted on. This feature is turned on by default with > any new CrystalTech shared plan. Any online user can spoof any email > address from any computer, however with SMTP authentication turned on, > they would never be able to be verified by a reverse DNS lookup. Most > large ISPs will not accept a message unless it does verify for the > reverse lookup. However, there are still some servers that do and > therefore it is still possible for anyone to spoof your email account, > as easily as mine. > > > > It is also common for a virus to spoof email addresses in the address > book after infecting a PC. A mass-mailing worm can select from a list > of email subjects in an address book, message bodies, and attachment > file names for its email messages. It spoofs the sender name of its > messages so that they appear to have been sent by different users > instead of the actual users on infected machines. Then when the > message fails, public records would route the error back to your inbox. > > > Regards, > Craig Brown > CrystalTech Web Hosting > [hidden email] > The insightful CrystalTech Knowledge Base can be found at: > http://www.webcontrolcenter.com/Knowledge_Base/frmKB.aspx > If you have any other questions please let us know > > ------------------------------------------------------------------------ > *From*: Belinda Wong-Swanson <[hidden email]> > *Sent*: Mon, 03 Jan 2005 10:51:13 -0700 > *To*: [hidden email] > *Subject*: possible virus attack? > > Dear Support Personnel: > > I received this message that I sent a virus to an Air Force site. I > definitely do not even know this email address, let alone sending > anything there. > > Also, as per your recommendation in your newsletter several months ago, > I have it set up so that I have to put in a password before I email from > [hidden email] > > I am baffled as to how someone could still "impersonate" me and spread > viruses in government websites. The last thing I want is to mess with > the US Government. > > Any suggestions as to how I could protect my email identity and website > from being hijacked? > > Thanks, > Belinda > > -------- Original Message -------- > Subject: Policy Violation > Date: Mon, 03 Jan 2005 09:22:09 -0700 > From: [hidden email] > To: [hidden email] > > > > The following message sent by this account has violated HQAFOTEC's > E-Mail policy: > > From: [hidden email] > To: [hidden email] > Date: Mon, 03 Jan 2005 09:21:55 -0700 > Subject: Re: > > > The following violations were detected: > > --- Scan information follows --- > > Virus Name: W32.Beagle.AC@mm > File Attachment: Garry.cpl > Attachment Status: deleted -------------- next part -------------- An HTML attachment was scrubbed... URL: /pipermail/friam_redfish.com/attachments/20050104/67b640f2/attachment-0001.htm |
Belinda Wong-Swanson wrote:
> I forwarded Roger's email about SPF to my web host Crystaltech > (http://www.crystaltech.com). It turned out Crystaltech is in the > process of implementing SPF for all domains on its network in the next > few weeks. Now you just need to have the cooperation of the Air Force - they have to implement it, also, for your original problem to be solved. -- Ray Parks [hidden email] IDART Project Lead Voice:505-844-4024 IORTA Department Fax:505-844-9641 http://www.sandia.gov/idart Pager:800-690-5288 |
Free forum by Nabble | Edit this page |