Email Forging

  • VodaHost
    General & Forum Administrator

    • Mar 2005
    • 12356

    Email Forging

    What is email forging?

    Have you been receiving returned, rejected or bounced emails that you never sent?

    What is going on you ask????

    A spammer or even your grandmother can use any email they want as the return email address for their outgoing emails. This is called email forging…It is very simple to do and impossible to stop.

    How simple is it to forge a return email?

    Simply set up a new email in your Outlook or Outlook Express... You can put any email you want in the from field and the receiver will think it is coming from them...

    If you used the email GeorgeBush (@) WhiteHouse.gov as your forgery, the email will appear like it was sent by the prez. If your email bounces G.B. will receive it.... (Please do not try this, it is fraud and can get you in very hot water. If you do try it, PLEASE do not use the above example as your test or you might get a visit)

    Why you? Why did the spammer pick your email to forge?

    Why not?

    VodaHost

    Your Website People!
    1-302-283-3777 North America / International
    02036089024 / United Kingdom
    291916438 / Australia

    ------------------------

    Top 3 Best Sellers

    Web Hosting - Unlimited disk space & bandwidth.

    Reseller Hosting - Start your own web hosting business.

    Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


  • Vasili
    Moderator

    • Mar 2006
    • 14683

    #2
    Re: Email Forging

    Does not quite answer how unique names appear in the "from field" in the scant 2% or so of forged emails returned as invalid, though......

    OK, Boss, maybe you have to spell it out for me then: If an email was so generally "forged" and was returned from an invalid email, our servers would reject that email address since the account email aliases are alias-specific right back to the forger (and be in a loop of undeliverability, right?).

    For instance, how would a forger know to set up as Bobby.deptmgr@mydomain.com if scoured from an account set up for "general" domain delivery? And why does email forged as a generic sales@mydomain.com come back to the only valid email address on an account (ceo@mydomain.com) as spam when the account is only allowed to deliver/accept email exactly as addressed?
    Shouldn't it be undeliverable as well?
    . VodaWebs....Luxury Group
    * Success Is Potential Realized *


    • Watdaflip
      Major General

      • Sep 2005
      • 2116

      #3
      Re: Email Forging

      There is a main email set for every account (that's what the default email address is). Any email sent to your domain that isn't valid is automatically forwarded to the default address. This was most likely put in for when people make typos, like sending an email to suppotr@yoursite.com instead of support@yoursite.com

      Register/Login Script
      Do you use a Password Protected Directory? Need a way to allow users to make their own account, try my .htaccess Login Script


      • Vasili
        Moderator

        • Mar 2006
        • 14683

        #4
        Re: Email Forging

        Well, not exactly.
        When you set up your email client, you have that option to have a forwarder enabled (which would in fact process mis-spelled aliases along with generic or even missing aliases) or to have a specific email alias only enabled.....meaning that even mis-spelled addresses would bounce back to sender.

        The "default" you are trying to pin down is the Account itself (which is the Webmail utility - not the webmail for each domain, but the entire account), but that too is very address-specific. There is no allowance for that to occur.

        Next?
        Don't get me wrong! I am grateful for the round-table, as I want to end this nuisance ASAP, but musings and postulations are not the means to accomplish it.

        • Watdaflip
          Major General

          • Sep 2005
          • 2116

          #5
          Re: Email Forging

          Yes the default is for the account, but is connected to every domain on the account. It WILL pick up any email sent to any of your domains that isn't valid.


          • VodaHost
            General & Forum Administrator

            • Mar 2005
            • 12356

            #6
            Re: Email Forging

            Originally posted by Vasili
            Does not quite answer how unique names appear in the "from field" in the scant 2% or so of forged emails returned as invalid, though......

            OK, Boss, maybe you have to spell it out for me then: If an email was so generally "forged" and was returned from an invalid email, our servers would reject that email address since the account email aliases are alias-specific right back to the forger (and be in a loop of undeliverability, right?).

            For instance, how would a forger know to set up as Bobby.deptmgr@mydomain.com if scoured from an account set up for "general" domain delivery? And why does email forged as a generic sales@mydomain.com come back to the only valid email address on an account (ceo@mydomain.com) as spam when the account is only allowed to deliver/accept email exactly as addressed?
            Shouldn't it be undeliverable as well?

            Actually NO. All servers are set up to accept all bounced and rejected incoming emails that are domain specific. What the forger places before the @ sign is completely irrelevant. A forger does not have to know what your real email is and in most cases doesn't. He uses generic words before the @ like support, sales, admin, info, postmaster, webmaster, etc. If any of those bounce they will be routed back to you. This is set up this way by us, so you have an understanding of what is going on with your email.


            • Vasili
              Moderator

              • Mar 2006
              • 14683

              #7
              Re: Email Forging

              OK.....then what you are actually saying is forgers in fact are not using our utilities to send (or skip from) nor are they using/abusing our band or contributing to our email counts.....they are merely using a forged "identifier" to attempt to bypass spam filters and appear more innocuous to ISP's they are penetrating (trying to deliver to), right?
              This is where you say "Yes" very clearly once and for all.....LOL

              Thanks for spelling it out for us (me), Boss. Once we have a final assurance, I am sure it will be easier for us to deal with as SOP.

              • Watdaflip
                Major General

                • Sep 2005
                • 2116

                #8
                Re: Email Forging

                No, they don't have to send it on the same server as the domain is hosted. Look at how the PHP mail() function works. A simple one would look like

                mail('you@yoursite.com', 'This is spam', 'Hahah this is spam', 'From: anyemail@anydomain');

                There is no check if any of the emails are valid. It simply attempts to send the data to domain yoursite.com. If it is received by the site it will then process the received information. If the email exists it saves the data at whatever location on the server stores the emails. The sender of the email is just located in the data that was sent. When you read the email it's just grabbing whatever the email has for the sender. It doesn't do any check at that point to verify it.

                Oh and if you don't have a secure contact form or whatnot on your site it's very possible that it's being used to send spam even to yourself. But usually this goes to a working email address (because you have that specified in the script)

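An added example, not written by anyone in this thread: a way to answer the question raised in posts #7 and #8 from the bounce itself, by reading the original message that the bounce returns and checking which servers stamped a Received header on it. The hosts, addresses, the `OUR_MAIL_HOSTS` set and the trimmed sample bounce are all constructed assumptions.

```python
import email, re
from email import policy
OUR_MAIL_HOSTS = {"mail.mydomain.example"}  # assumption: hosts that relay our real mail

# Constructed, trimmed bounce (DSN); every host and address here is made up.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: sales@mydomain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from unknown-host.example ([203.0.113.7])
 by mx.recipient.example with SMTP; Mon, 1 Jan 2007 10:00:00 +0000
From: sales@mydomain.example
To: nobody@recipient.example

Buy now
--b1--
"""

def returned_message(bounce_text):
    """Return the original message a bounce carries back, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def stamping_hosts(orig):
    """Hosts that added a Received header ('by <host>') to the returned mail."""
    return [m.group(1).lower() for h in orig.get_all("Received", [])
            if (m := re.search(r"\bby\s+([\w.-]+)", str(h)))]

def classify(bounce_text, our_hosts=OUR_MAIL_HOSTS):
    orig = returned_message(bounce_text)
    if orig is None:
        return "no-original-attached"
    if any(h in our_hosts for h in stamping_hosts(orig)):
        return "sent-through-our-server"  # check accounts and contact forms
    return "forged-sender-backscatter"    # From was only a claim in the data
```

A sender can prepend fake Received lines, so a "sent-through-our-server" result is a prompt to check the server's own mail logs, not proof by itself.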

                • bobs-pcmall
                  Staff Sergeant

                  • Dec 2006
                  • 40

                  #9
                  Re: Email Forging

                  Very interesting subject. I've been in computers since 1973 and wasn't aware that this was able to be done. Don't like spam either.
                  Bob the Builder
                  www.bobs-pcmall.com
                  Without Data, you're just another opinion.


                  • VodaHost
                    General & Forum Administrator

                    • Mar 2005
                    • 12356

                    #10
                    Re: Email Forging

                    This is where you say "Yes" very clearly once and for all.....LOL
                    Yes
