Email Forging

**Vasili** · 07-20-2007, 10:40 PM

Re: Email Forging

Does not quite answer how unique names appear in the "from field" in the skant 2% or so of forged emails returned as invalid, though......

OK, Boss, maybe you have to spell it out for me then: If an email was so generally "forged" and was returned from an invalid email, our servers would reject that email address since the account email aliases are alias-specifc right back to the forger (and be in a loop of undeliverability, right?).

For instance, how would a forger know to set up as Bobby.deptmgr@mydomain.com if scoured from an account set up for "general" domain delivery? And why does email forged as a generic sales@mydomain.com come back to the only valid email address on an account (ceo@mydomain.com) as spam when the account is only allowed to deliver/accept email exactly as addressed?
Shouldn't it be undeliverable as well?

**Watdaflip** · 07-21-2007, 12:55 AM

Re: Email Forging

There is a main email set for every account. (thats what the default email address is). Any email sent to your domain that isn't valid, is automatically forwarded to the default address. This was most likely put in for when people make typos, like sending an email to suppotr@yoursite.com instead of support@yoursite.com

**Vasili** · 07-21-2007, 01:14 AM

Re: Email Forging

Well, not exactly.
When you set up your email client, you have that option to have a forwarder enabled (which would in fact process mis-spelled aliases along with generic or even missing alises) or to have a specific email alias only enabled.....meaning that even mis-spelled addresses would bounce back to sender.

The "default" you are trying to pin down is the Account itself (which is the Webmail utility - not the webmail for each domain, but the entire account), but that too is very address-specific. There is no allowance for that to occur.

Next?
Don't get me wrong! I am grateful for the round-table, as I want to end this nuisance ASAP, but musings and postulations are not the means to accomplish it.

**Watdaflip** · 07-21-2007, 02:06 AM

Re: Email Forging

Yes the default is for the account, but is connected to every domain on the account. It WILL pick up any email sent to any of your domains that isn't valid.

**VodaHost** · 07-21-2007, 06:35 AM

Re: Email Forging

Originally posted by Vasili View Post

Does not quite answer how unique names appear in the "from field" in the skant 2% or so of forged emails returned as invalid, though......

OK, Boss, maybe you have to spell it out for me then: If an email was so generally "forged" and was returned from an invalid email, our servers would reject that email address since the account email aliases are alias-specifc right back to the forger (and be in a loop of undeliverability, right?).

For instance, how would a forger know to set up as Bobby.deptmgr@mydomain.com if scoured from an account set up for "general" domain delivery? And why does email forged as a generic sales@mydomain.com come back to the only valid email address on an account (ceo@mydomain.com) as spam when the account is only allowed to deliver/accept email exactly as addressed?
Shouldn't it be undeliverable as well?

Actually NO. All servers are set up to accept all bounced and rejected incoming emails that are domain specific. What the forger places before the @ sign is completely irrelevant. A forger does not have to know what your real email is and in most cases doesn�t. He uses generic words before the@ like support, sales , admin, info, postmaster, webmaster, etc�. If any of those bounce they will be routed back to you. This is set up this way by us, so you have a understanding of what is going on with your email.

**Vasili** · 07-21-2007, 07:45 AM

Re: Email Forging

OK.....then what you are actually saying is forgers in fact are not using our utilities to send (or skip from) nor are they using/abusing our band or contributing to our email counts.....they are merely using a forged "identifier" to attempt to bypass spam filters and appear more innocuous to ISP's they are penetrating (trying to deliver to), right?
This is where you say "Yes" very clearly once and for all.....LOL

Thanks for spelling it out for us (me), Boss. Once we have a final assurance, I am sure it will easier for us to deal with as SOP.

**Watdaflip** · 07-21-2007, 04:13 PM

Re: Email Forging

No, they don't have to sent it on the same server as the domain is hosted. If you look at the how the php mail() function works. A simple one would look like

mail('you@yoursite.com', 'This is spam', 'Hahah this is spam', 'From: anyemail@anydomain');

There is no check if any of the emails are valid. It simply attempts to send the data to domain yoursite.com. if it is received by the site it will then process the received information. If the email exists it save the data at whatever location on the server stores the emails. The sender of the email is just located in the data that was sent. When you read the email its just grabing whatever the email has for the sender. It doesn't do any check at that point to verify it.

Oh an if you don't have a secure contact form or whatnot on your site its very possible that its being used to send spam even to yourself. But usually this goes to a working email address (because you have that specified in the script)

**bobs-pcmall** · 07-22-2007, 03:10 AM

Re: Email Forging

Very Interesting subject. I've been in computers since 1973 and wasn't aware that this was able to be done. Don't like spam ethier.

**VodaHost** · 08-17-2007, 04:05 PM

Re: Email Forging

This is where you say "Yes" very clearly once and for all.....LOL

Yes

Email Forging

Email Forging

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment