Re: [cobalt-users] email virus help
- Subject: Re: [cobalt-users] email virus help
- From: Parker Morse <morse@xxxxxxxxxxx>
- Date: Wed Jan 8 09:44:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Wednesday, January 8, 2003, at 12:12 PM, David Lucas wrote:

> This is my point. I control cdbyrd.net and it isn't there. How can
> someone use my domain?

By lying.

I've munged some addresses in the following transcript, so they won't be
harvested, but it should be pretty obvious where that's been done:

[localhost:~] pjmorse% telnet www.yetiservices.com 25
Trying 66.77.173.56...
Connected to yetiservices.com.
Escape character is '^]'.
220 www.yetiservices.com ESMTP Sendmail 8.10.2/8.10.2; Wed, 8 Jan 2003 11:27:14 -0600
EHLO mail.cdbyrd.net
250-www.yetiservices.com Hello bluebird.sinauer.com [x.x.x.x], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE 20971520
250-DSN
250-ONEX
250-ETRN
250-XUSR
250-AUTH PLAIN CRAM-MD5
250 HELP
MAIL FROM: morse[AT]yetiservices.com
250 2.1.0 morse[AT]yetiservices.com... Sender ok
RCPT TO: postmaster[AT]cdbyrd.net
250 2.1.5 postmaster[AT]cdbyrd.net... Recipient ok
QUIT
221 2.0.0 www.yetiservices.com closing connection
Connection closed by foreign host.
[localhost:~] pjmorse%

Now, had I carried through and sent this email, the Received: line would
have looked something like this:

Received: from mail.cdbyrd.net (bluebird.sinauer.com, [x.x.x.x])
    by www.yetiservices.com (8.9.3/8.9.3) with ESMTP id JAA24783
    for <postmaster[AT]cdbyrd.net>; Wed, 8 Jan 2003 09:13:07 -0800

> I am not looking at weeding out these emails, per se, I want to know if I
> can stop this person from sending email with my domain. I understand
> people spoof return addresses and the such all the time, but I get back
> emails all the time that say we sent them and didn't, but the sender is
> never really us. This looks like we actually sent it, as if we have an
> authorized server at 151.197.184.41 and we don't.

It doesn't look to me like you sent the original mail; it looks to me like
the dialup in Philly sent it and put your return address on the envelope,
so to speak. Though I'll grant that to many people it would look like you
sent it. Until the SMTP protocol changes (or we start using another
protocol for mail) I expect you (and the rest of us) are stuck with it.
pjm
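
Added example (not part of the original post): a Python sketch of the check the transcript implies, comparing the name a client claimed in EHLO with the host name the receiving server recorded for the connection in each Received: header. The first sample header is the one quoted in the message; the second header, the rest of the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Sendmail-style hop: from <HELO name> (<reverse-DNS name>[,] [<ip>]) by <receiver>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s,\[\]()]+),?\s*)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

# Constructed sample: first header is the one quoted in the post, second is made up.
SAMPLE = """\
Received: from mail.cdbyrd.net (bluebird.sinauer.com, [x.x.x.x])
\tby www.yetiservices.com (8.9.3/8.9.3) with ESMTP id JAA24783
\tfor <postmaster[AT]cdbyrd.net>; Wed, 8 Jan 2003 09:13:07 -0800
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id CONSTRUCTED1; Wed, 8 Jan 2003 09:13:01 -0800
Subject: constructed test message

body
"""

def parse_received(value):
    """Return helo/rdns/ip/by for one Received header, or None if not in this format."""
    match = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    return match.groupdict() if match else None

def helo_mismatches(raw_message):
    """List hops whose claimed HELO name differs from what the receiver observed."""
    findings = []
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = parse_received(value)
        if hop is None:
            continue
        claimed = hop["helo"].lower().rstrip(".")
        observed = (hop["rdns"] or "").lower().rstrip(".")
        # A mismatch is an indicator, not proof: legitimate servers also
        # announce names that differ from their reverse DNS.
        if claimed != observed:
            findings.append(hop)
    return findings

if __name__ == "__main__":
    for hop in helo_mismatches(SAMPLE):
        print(f"{hop['by']}: client said {hop['helo']!r}, "
              f"connection came from {hop['rdns']!r} [{hop['ip']}]")
```

Only the parenthesised host and address are written by the receiving server from the connection itself; the name after "from" is whatever the client typed.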