Comments
-
stacked 2679 6y
@Cyanide the 'from' header of any email is arbitrary and can be set to any value, including email addresses you don't own or even nonsense strings
-
Condor 32496 6y
Normally SPF and DKIM should be able to take care of that.. depends on whether the recipient mail server bounces spoofed mails or at least puts them in spam... But many servers don't. It's a real problem.
-
Condor 32496 6y
@xewl a server that doesn't at least have an SPF record isn't worthy of receiving mails from :) it's like taking a blowjob of a dysfunctional crack whore.. no thanks!
-
Condor 32496 6y
@xewl If the A, MX and PTR records all check out, sure you could regard it as just as valid as an SPF record would be. That said, if e.g. you're using Gmail and send out from their servers (and your A records may point to web servers somewhere else or whatever) then the PTR record should include the Google servers. Also fine-tuning your SPF as "this is where I will send mail from, nowhere else!" should lock your server down a bit more (i.e. help reduce abuse) and aid the servers that use the SPF record for verification - as that's pretty much what it's been designed for, whereas the A, MX and PTR records haven't.
-
Condor 32496 6y
@xewl Hotmail with their JMRP crap etc is the single worst mailing system that I've had to deal with.. one more reason for me to say "FUCK MICROSOFT!"
-
Condor 32496 6y
@xewl true :') I guess that in my case I was lucky with my sister being the only one who adamantly refused to use anything but her old Hotmail. And me adamantly refusing to use my Outlook account instead of what was at the time my shiny new brain child - a mail server of my own :3
Well I did the whole JMRP BS regardless, contacted Microsoft requesting blacklist removal and the whole nine yards... After 24 hours it was completely propagated in their mailing systems so that was nice. Still kinda sucked since every other mailing system including Gmail just checked RBL and didn't find my servers in there anymore.. so they automatically unblocked them without me having to do anything.
That said, a lot of my correspondents seem to be using Exchange servers.. not sure if those follow the same ultimatum of "register for JMRP or we'll bounce your mails"?
-
stacked 2679 6y
For the record, the address that was used in the spam email was not my primary address, but an alias from an open-source project I contribute to.
Being a forward-only alias, it's meant to be used by everyone in the 'from' field, there are no records to protect against misuse.
Still, it sucks for me and for the project
-
Condor 32496 6y
@stacked In that case you'll want to look into how to protect that email address from abuse, especially when those forwardings can be made by contacting your mail server. This vulnerability is called "open relays" and it's the reason why you always want to check for either whether the mail to be sent comes from a trusted source (such as server's localhost, VPN or whatever) or from an authenticated client. Forwarding without authentication from untrusted IPs on the other hand is always a big no-no. If it's abused extensively it may even cause other mailing systems to blacklist you or have your servers land on an RBL.
Apparently some fucking moron bot has started sending spam messages to random people using my email address in the 'from' field.
From: my@address.fuck
Subject: I want to feel the passion with you.
I know because I just received a Delivery Status Notification containing the full spam email.
Fuck you spammers and scammers. Wish you a horrible and slow death in a mincer.
rant
spam
scam