[100063] in RedHat Linux List
RE: SPAM headers.
daemon@ATHENA.MIT.EDU (Soffen, Matthew)
Wed Nov 18 10:55:33 1998
From: "Soffen, Matthew" <msoffen@iso-ne.com>
To: redhat-list@redhat.com
Date: Wed, 18 Nov 1998 10:55:14 -0500
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

That won't always work either. You would need to know what machine to
finger. Also it may be a valid user from behind a firewall so you can't
get any finger info. Also a lot of companies and colleges are disabling
the finger daemon.
> ----------
> From: Thomas Gaume[SMTP:tom@flwireless.net]
> Sent: Wednesday, November 18, 1998 10:01 AM
> To: redhat-list@redhat.com
> Subject: Re: SPAM headers.
>
> How about something simple that checks that the sender is a valid
> address (finger maybe), store this in a db or text file that the sender
> stores all previous verified senders that the To: line gets tested
> against first and then tries to verify the address.
>
>
>
> "Soffen, Matthew" wrote:
> >
> > What happens if someone BCC's you a copy of a letter? Or it is sent to
> > some mail alias that points to you?
> > It is "difficult" to block based on the To: address because you run the
> > risk of trashing real mail.
> >
> > > ----------
> > > From: Ramon Gandia[SMTP:rfg@nook.net]
> > > Sent: Wednesday, November 18, 1998 1:06 AM
> > > To: redhat-list@redhat.com
> > > Subject: SPAM headers.
> > >
> > > I got a spam mail, and it looked like this on my Email
> > > screen:
> > >
> > > ---------------------------------------------------
> > > Subject: YOUR FREE STEALTH MAILER IS WAITING !!!
> > > Date: Tue, 17 Nov 98 10:35:45 EST
> > > From: millenieum_69@mailexcited.com
> > > Reply-To: Reply-To:everyone_1964@mailexcited.com
> > > To: makemoneyfromhome@everywhere.com
> > > <text snipped>
> > > ----------------------------------------------------
> > > In the Mail Headers I see the difference:
> > >
> > > --------------------------------------------
> > > Delivered-To: rfg@nook.net
> > > To: makemoneyfromhome@everywhere.com
> > >
> > > --------------------------------------------
> > >
> > > Please note that this spam and header info are VERY typical.
> > > In fact, over the last 6 months or so, of all the SPAM that
> > > I got, exactly 100% of it shared this characteristic:
> > >
> > > The To: has some bogus name, which is the one that shows,
> > > whereas in the header the Delivered-To: header has my real
> > > email address.
> > >
> > > Conversely, I have never received a LEGITIMATE email that
> > > had a bogus To: address.
> > >
> > > Now it seems to me that it would be dead easy to do one of
> > > several things to Zap a lot of SPAM right off the bat. Either
> > > system-wide (within Nook Net), or at least personally to me.
> > >
> > > (1) If the To: header is not for nook.net. Parse or grep the
> > > To: line for "nook.net". If it's not there, it's SPAM.
> > >
> > > (2) Parse the To: address and compare to the Delivered-To:
> > > line, if there is no match, it's spam. Have to be careful on
> > > this one in the case of CC's. I suspect there may be problems
> > > with BCC's.
> > >
> > > Now, my question to Red Hatters is this. What tool is available
> > > to do this? Surely there has to be one. Most of you run Sendmail,
> > > Alas, I run Qmail here, but I think that one solution that works
> > > with one will be adaptable to the other. Nook Net mail is not
> > > busy at all, so this is not needing a powerful program.
> > >
> > > I would also like some input from Red Hatters if my premise
> > > that a Delivered-To: header that has no relationship to the
> > > To: header = SPAM. I am sure I am right, and I am sure there
> > > is other spam that is properly delivered. Nevertheless, if I
> > > were to quietly trash (not bounce) email that met the above
> > > criteria, the spammers would not be the wiser.... By their own
> > > petard they would cook their goose, so to speak. hehehehhe.
> > >
> > > What you guys say?
> > >
> > > --
> > > Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
> > > 285 West First Avenue rfg@nook.net
> > > P.O. Box 970 tel. 907-443-7575
> > > Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
> > >
> >
> > --
> > PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> > http://www.redhat.com http://archive.redhat.com
> > To unsubscribe: mail redhat-list-request@redhat.com with
> > "unsubscribe" as the Subject.
>
> --
> Thomas L. Gaume
> VP-Operations
> Wireless Internet Services of Florida, Inc.
> http://www.flwireless.net
>
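
An added example, not part of the original thread or any poster's code: the Delivered-To: versus To:/Cc: comparison proposed above, run over four constructed messages to show the BCC and alias false positives raised in the replies. The `known_aliases` allowlist and every sample message except the quoted spam header values are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed samples; only "spam" reuses header values quoted in the thread.
SAMPLES = {
    "spam": "Delivered-To: rfg@nook.net\nFrom: millenieum_69@mailexcited.com\n"
            "To: makemoneyfromhome@everywhere.com\n"
            "Subject: YOUR FREE STEALTH MAILER IS WAITING !!!\n\nbody\n",
    "direct": "Delivered-To: rfg@nook.net\nFrom: friend@example.org\n"
              "To: Ramon <RFG@nook.net>\nSubject: hi\n\nbody\n",
    "list": "Delivered-To: rfg@nook.net\nFrom: msoffen@iso-ne.com\n"
            "To: redhat-list@redhat.com\nSubject: RE: SPAM headers.\n\nbody\n",
    "bcc": "Delivered-To: rfg@nook.net\nFrom: friend@example.org\n"
           "To: someone-else@example.org\nSubject: fyi\n\nbody\n",
}

def addresses(msg, *header_names):
    """Lower-cased addresses found in all occurrences of the given headers."""
    values = []
    for name in header_names:
        values += msg.get_all(name, [])
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def classify(raw, known_aliases=frozenset()):
    """Return 'ok' or 'suspect' by comparing Delivered-To: with To:/Cc:.

    known_aliases is a hypothetical allowlist of list or alias addresses
    that legitimately forward to this mailbox.
    """
    msg = message_from_string(raw)
    delivered = addresses(msg, "Delivered-To")
    if not delivered:
        return "ok"  # nothing to compare against, so do not guess
    accepted = delivered | {a.lower() for a in known_aliases}
    return "ok" if addresses(msg, "To", "Cc") & accepted else "suspect"

def run(known_aliases=frozenset()):
    """Classify every constructed sample and return {name: verdict}."""
    return {name: classify(raw, known_aliases) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    print("naive:     ", run())
    print("with alias:", run({"redhat-list@redhat.com"}))
```

The allowlist clears the list message, but the BCC stays flagged, so a verdict of "suspect" is safer used to file mail into a review folder than to discard it.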