[Novalug] Obvious SPAM

Ed T. Toton III bones@necrobones.net
Mon Feb 4 09:32:40 EST 2008


Thus spake Jay Hart:

> Received this email today. Its an obvious spam email, but what has me a little
> concerned is that they spoofed the 'from' address. I've attached the full
> header and email below.
>
> Two things:
>
> 1. How worried should I be about the address spoofing? Should I be worried at
> all about this, or just treat it like a normal spam email?


Yes, I'd treat it as normal spam.

I'll second the recommendation for using SPF records in your domain name, 
if you can do so. It'll help cut down on this sort of thing, at least in 
terms of the return-path, or "envelope" from-field. Some mail systems may 
actually check the header from-field too. It depends on the 
implementation.

My answer is you shouldn't be too concerned. This happens all the time, 
and any semi-intelligent spam filter or mail admin will know not to trust 
it. The header's from-field is just informational, and the spammers can 
put anything they want there.

In terms of it being misinterpreted by other recipients who don't know 
anything about how mail and SMTP works, SPF is all you can do to try to 
curb that.



------------------------------------------------------------------
- Ed T. Toton III, RHCE --|-- www.necrobones.com -- ed.toton.org -
------------------------------------------------------------------
    "I have not lost my mind, it's backed up on disk somewhere!"




More information about the Novalug mailing list