Re: [cobalt-users] Spammers forging my email address - Urgent

[Dom Latter <qube@xxxxxxx>]

Joi wrote:
> 
> Dan,
> 
> As the owner of nodomain.com, my domain get's forged in countless emails,
> guestbooks, newsgroups, etc.  www.deja.com found 1118 messages from various
> people claiming to be "nobody@xxxxxxxxxxxx" when I checked the other day.

Isn't this, ummmmm, what you'd expect?

Here at san.com, I get lots of mail for san.something.com users.  People
forget the "something" bit - or perhaps it's set up wrongly in the first
place.

What's incredible is the ecommerce sites that don't verify the address before 
sending out emails.  So far I've had, for example,  details of an order from 
a virtual toy store.

That's kiddy toys, not adult toys, so my ability to blackmail the guy is 
somewhat limited, but I still think 160 dollars is a bit much to spend 
for a kid's birthday.

Lots of sites send emails with a "click here to access your account" buttons
on them.  A lot of them will then obligingly email me the password I need 
to access the page.  

You can then find yourself with full read / write access to all the personal 
info that the luser entered.  In one case this included both the shipping and 
billing addresses - but sadly the person concerned had decided against entering
her credit card details.

To get vaguely back on-topic, the answer is yes, unknown user emails are
bounced at the header level, i.e. before the body of the message is downloaded.
I discovered this during a mailbomb attack...