Real mail addresses in list postings and resulting **SPAM**

John Summerfield debian at herakles.homelinux.org
Sun Sep 27 01:28:26 UTC 2009


Allen Kistler wrote:
> not Allen Kistler wrote:
>> Allen Kistler wrote:
>>> So trying to keep this thread relevant to Fedora, is there one in
>>> Fedora?  I use Thunderbird, so I'm pretty sure that won't do it.
>> With apologies to Allen, I take this chance to show just how easy it
>> is to forge email.
>>
>> For those interested in checking whether this is a forgery (or at last
>> from a different source from the one I'm quoting), just check the
>> headers.
>>
>> The key point is that it's trivial to set an alternative identity (I'm
>> using seamonkey which might be another clue I'm not Allen), but
>> Thunderbird can do it too.
> 
> Sorry.  I can't check your headers, since I get the digest.  The only
> thing I get is your TZ is +8, while mine is -5.

Here are all the headers I received:
Return-Path: <fedora-test-list-bounces at redhat.com>
Received: from murder ([unix socket])
	 by ns.demo.lan (Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA;
	 Fri, 25 Sep 2009 20:08:31 +0800
X-Sieve: CMU Sieve 2.2
Received: from hormel.redhat.com (hormel1.redhat.com [209.132.177.33])
	by ns.demo.lan (Postfix) with ESMTP id 128E8474FCB
	for <debian at herakles.homelinux.org>; Fri, 25 Sep 2009 20:08:31 +0800 (WST)
Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com 
[10.8.4.110])
	by hormel.redhat.com (Postfix) with ESMTP id CDEC361A824;
	Fri, 25 Sep 2009 08:08:27 -0400 (EDT)
Received: from int-mx01.intmail.prod.int.phx2.redhat.com
	(nat-pool.util.phx.redhat.com [10.8.5.200])
	by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id
	n8PC8POF008445 for <fedora-test-list at listman.util.phx.redhat.com>;
	Fri, 25 Sep 2009 08:08:25 -0400
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com
	[10.5.110.9])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id n8PC8PA0014882
	for <fedora-test-list at redhat.com>; Fri, 25 Sep 2009 08:08:25 -0400
Received: from js.id.au (dsl-58-6-192-22.wa.westnet.com.au [58.6.192.22])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n8PC8EWv011998
	for <fedora-test-list at redhat.com>; Fri, 25 Sep 2009 08:08:15 -0400
Received: from ns.demo.lan (unknown [192.168.4.10])
	by js.id.au (Postfix) with ESMTP id E589B5F408B
	for <fedora-test-list at redhat.com>; Fri, 25 Sep 2009 20:08:11 +0800 (WST)
Received: from bobtail.demo.lan (Bobtail.demo.lan [192.168.9.109])
	by ns.demo.lan (Postfix) with ESMTP id 9DFC9474FCB
	for <fedora-test-list at redhat.com>; Fri, 25 Sep 2009 20:08:11 +0800 (WST)
Message-ID: <4ABCB2AB.40905 at yahoo.com>
Date: Fri, 25 Sep 2009 20:08:11 +0800
From: Allen Kistler <an037-ooai8 at yahoo.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
	rv:1.8.1.19) Gecko/20090222 SeaMonkey/1.1.14
MIME-Version: 1.0
To: For testers of Fedora Core development releases
	<fedora-test-list at redhat.com>
References: <4ABBEC74.6070509 at yahoo.com> <20090925063952.GA16327 at wolff.to>
	<4ABC74E7.3050705 at yahoo.com>
In-Reply-To: <4ABC74E7.3050705 at yahoo.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-RedHat-Spam-Score: 1.508 * (FORGED_YAHOO_RCVD,RDNS_DYNAMIC)
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
X-Scanned-By: MIMEDefang 2.67 on 10.5.110.9
X-loop: fedora-test-list at redhat.com
Subject: Re: Real mail addresses in list postings and resulting **SPAM**
X-BeenThere: fedora-test-list at redhat.com
X-Mailman-Version: 2.1.5
Precedence: junk
Reply-To: For testers of Fedora Core development releases
	<fedora-test-list at redhat.com>
List-Id: For testers of Fedora Core development releases
	<fedora-test-list.redhat.com>
List-Unsubscribe: 
<https://www.redhat.com/mailman/listinfo/fedora-test-list>,
	<mailto:fedora-test-list-request at redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/fedora-test-list>
List-Post: <mailto:fedora-test-list at redhat.com>
List-Help: <mailto:fedora-test-list-request at redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/fedora-test-list>,
	<mailto:fedora-test-list-request at redhat.com?subject=subscribe>
Sender: fedora-test-list-bounces at redhat.com
Errors-To: fedora-test-list-bounces at redhat.com


> 
> I know that Thunderbird (or virtually any other client) can set
> alternative identities.  Wholesale forgery is easy.  We're after
> something subtler.
> 
> When you sent the message to the list, did you do it with an envelope
> that identified you as you or did you do it with an envelope that
> identified you as me?
> 
> The trick is to do it with an envelope that identifies you as you, but a
> message header that identifies you as, say, invalid at invalid.invalid.
> Thunderbird sets them to be the same, without an option to change that.
>  (Hmm... Maybe an extension?)  Bruno mentioned mutt allows them to be
> different.
> 

I recently (days) saw an option to add an arbitrary header. I don't 
recall whether it was Thunderbird or Seamonkey - I have the Seamonkey 
2.0 beta on Windows- but the config editor for Thunderbird and both 
versions of Seamonkey I have on Windows show what looks like it. See 
mail.compose selections.

It's a config-time option, not compose-time so it's not useful to me.


-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)




More information about the test mailing list