[ORRando] Email spam: Spoofing vs account hijacking

Michal Young michal at cs.uoregon.edu
Wed Mar 18 12:23:37 PDT 2015


It’s likely the spam is not coming from the accounts of Cheryl and Asta, and changing their passwords will not help.  It is, unfortunately, trivially easy to forge the “from” header of an email message.  The message labeled as being from Asta has a message-ID that indicates it came from the Netherlands (secudata.nl <http://secudata.nl/>), and the email labeled as being from Cheryl has a message-ID that indicates it came from Brazil (terra.com.br <http://terra.com.br/>).   The spammer (or rather, the spam-bot) is likely scanning the mailing list for prior senders and forging matching ‘from’ addresses. 

There may be ways to filter some of this in the mailing list software, or maybe not.  It’s an unfortunate consequence of protocols designed way back when the internet was a much smaller group of people who pretty much all trusted each other.   

—Michal
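The comparison described in the message above (the domain in the "from" header against the domain in the message-ID), as an added example that is not part of the original post. The sample messages and their example.org addresses are constructed; a mismatch is only a hint, since mail legitimately sent through a third-party provider can also carry a message-ID from another domain.

```python
from email import message_from_string
from email.utils import getaddresses

def _domain(value):
    """Lowercased text after the last '@', or '' when there is no '@'."""
    value = value.strip().strip("<>")
    return value.rpartition("@")[2].lower() if "@" in value else ""

def _related(a, b):
    """True when the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_from_vs_message_id(raw):
    """Compare the From domain(s) with the domain embedded in Message-ID."""
    msg = message_from_string(raw)
    senders = getaddresses(msg.get_all("From", []))
    from_domains = sorted({_domain(addr) for _, addr in senders} - {""})
    msgid_domain = _domain(msg.get("Message-ID", ""))
    if not from_domains or not msgid_domain:
        verdict = "incomplete"   # a header is missing, nothing to compare
    elif any(_related(d, msgid_domain) for d in from_domains):
        verdict = "consistent"
    else:
        verdict = "mismatch"     # worth a closer look; not proof of forgery
    return {"from": from_domains, "message_id": msgid_domain, "verdict": verdict}

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: List Member <member@example.org>\n"
    "Message-ID: <20150318.1234@secudata.nl>\n"
    "Subject: hello\n\nbody\n"
)
LEGIT = (
    "From: List Member <member@example.org>\n"
    "Message-ID: <abc123@mail.example.org>\n"
    "Subject: hello\n\nbody\n"
)
NO_ID = "From: member@example.org\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("no-id", NO_ID)):
        print(name, check_from_vs_message_id(raw))
```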
