23
stacked
6y

Apparently some fucking moron bot has started sending spam messages to random people using my email address in the 'from' field.

From: my@address.fuck
Subject: I want to feel the passion with you.

I know because I just received a Delivery Status Notification containing the full spam email.

Fuck you spammers and scammers. Wish you a horrible and slow death in a mincer.

Comments
  • 2
    What? How?
  • 7
    @Cyanide Spoofed headers probably. Very easy to do.
  • 10
    @Cyanide the 'from' header of any email is arbitrary and can be set to any value, including email addresses you don't own or even nonsense strings
  • 9
    I w a n t f o f e e l t h e p a s s i o n w i t h y o u
  • 4
    Normally SPF and DKIM should be able to take care of that.. depends on whether the recipient mail server bounces spoofed mails or at least puts them in spam... But many servers don't. It's a real problem.
  • 2
    @Condor it's a bigger problem if you don't have it set on your domain and the receiving end blocks literally everything, unless..

    oh well
  • 5
    @xewl a server that doesn't at least have an SPF record isn't worthy of receiving mails from :) it's like taking a blowjob of a dysfunctional crack whore.. no thanks!
  • 0
    @Condor if the domain's A/AAA or MX records equals.... unless the server receives a load of bullshit that gets flagged otherwise, I'd think it's safe to ~all by default tho'
  • 3
    @xewl If the A, MX and PTR records all check out, sure you could regard it as just as valid as a SPF record would be. That said, if e.g. you're using Gmail and send out from their servers (and your A records may point to web servers somewhere else or whatever) then the PTR record should include the Google servers. Also finetuning your SPF as "this is where I will send mail from, nowhere else!" should lock your server down a bit more (i.e. help reduce abuse) and aid the servers that use the SPF record for verification - as that's pretty much what it's been designed for, whereas the A, MX and PTR records haven't.
  • 1
    Set up DMARC and SPF
  • 1
    @Condor I've had my history with SPF, especially the frigging Max of 10 lookups and shit...

    I get why it's there... but I don't get why Live (Hotmail) needs to be the strongest fucker about it, as it seems. While Gmail just allows it -mostly-.
  • 3
    @xewl Hotmail with their JMRP crap etc is the single worst mailing system that I've had to deal with.. one more reason for me to say "FUCK MICROSOFT!"
  • 1
    @Condor but I can't -always- say *FUCK THE CUSTOMERS* , sadly
  • 2
    @xewl true :') I guess that in my case I was lucky with my sister being the only one who adamantly refused to use anything but her old Hotmail. And me adamantly refusing to use my Outlook account instead of what was at the time my shiny new brain child - a mail server of my own :3

    Well I did the whole JMRP BS regardless, contacted Microsoft requesting blacklist removal and the whole nine yards... After 24 hours it was completely propagated in their mailing systems so that was nice. Still kinda sucked since every other mailing system including Gmail just checked RBL and didn't find my servers in there anymore.. so they automatically unblocked them without me having to do anything.

    That said, a lot of my correspondents seem to be using Exchange servers.. not sure if those follow the same ultimatum of "register for JMRP or we'll bounce your mails"?
  • 0
    For the record, the address that was used in the spam email was not my primary address, but an alias from an open-source project I contribute to.

    Being a forward-only alias, it's meant to be used by everyone in the 'from' field, there are no records to protect against misuse.

    Still, it sucks for me and for the project
  • 3
    @stacked In that case you'll want to look into how to protect that email address from abuse, especially when those forwardings can be made by contacting your mail server. This vulnerability is called "open relays" and it's the reason why you always want to check for either whether the mail to be sent comes from a trusted source (such as server's localhost, VPN or whatever) or from an authenticated client. Forwarding without authentication from untrusted IP's on the other hand is always a big no-no. If it's abused extensively it may even cause other mailing systems to blacklist you or have your servers land on an RBL.
Add Comment