Re: Real mail addresses in list postings and resulting **SPAM**

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Allen Kistler wrote:
not Allen Kistler wrote:
Allen Kistler wrote:
So trying to keep this thread relevant to Fedora, is there one in
Fedora?  I use Thunderbird, so I'm pretty sure that won't do it.
With apologies to Allen, I take this chance to show just how easy it
is to forge email.

For those interested in checking whether this is a forgery (or at last
from a different source from the one I'm quoting), just check the
headers.

The key point is that it's trivial to set an alternative identity (I'm
using seamonkey which might be another clue I'm not Allen), but
Thunderbird can do it too.

Sorry.  I can't check your headers, since I get the digest.  The only
thing I get is your TZ is +8, while mine is -5.

Here are all the headers I received:
Return-Path: <fedora-test-list-bounces@xxxxxxxxxx>
Received: from murder ([unix socket])
	 by ns.demo.lan (Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA;
	 Fri, 25 Sep 2009 20:08:31 +0800
X-Sieve: CMU Sieve 2.2
Received: from hormel.redhat.com (hormel1.redhat.com [209.132.177.33])
	by ns.demo.lan (Postfix) with ESMTP id 128E8474FCB
	for <debian@xxxxxxxxxxxxxxxxxxxxxx>; Fri, 25 Sep 2009 20:08:31 +0800 (WST)
Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [10.8.4.110])
	by hormel.redhat.com (Postfix) with ESMTP id CDEC361A824;
	Fri, 25 Sep 2009 08:08:27 -0400 (EDT)
Received: from int-mx01.intmail.prod.int.phx2.redhat.com
	(nat-pool.util.phx.redhat.com [10.8.5.200])
	by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id
	n8PC8POF008445 for <fedora-test-list@xxxxxxxxxxxxxxxxxxxxxxxxxxx>;
	Fri, 25 Sep 2009 08:08:25 -0400
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com
	[10.5.110.9])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id n8PC8PA0014882
	for <fedora-test-list@xxxxxxxxxx>; Fri, 25 Sep 2009 08:08:25 -0400
Received: from js.id.au (dsl-58-6-192-22.wa.westnet.com.au [58.6.192.22])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n8PC8EWv011998
	for <fedora-test-list@xxxxxxxxxx>; Fri, 25 Sep 2009 08:08:15 -0400
Received: from ns.demo.lan (unknown [192.168.4.10])
	by js.id.au (Postfix) with ESMTP id E589B5F408B
	for <fedora-test-list@xxxxxxxxxx>; Fri, 25 Sep 2009 20:08:11 +0800 (WST)
Received: from bobtail.demo.lan (Bobtail.demo.lan [192.168.9.109])
	by ns.demo.lan (Postfix) with ESMTP id 9DFC9474FCB
	for <fedora-test-list@xxxxxxxxxx>; Fri, 25 Sep 2009 20:08:11 +0800 (WST)
Message-ID: <4ABCB2AB.40905@xxxxxxxxx>
Date: Fri, 25 Sep 2009 20:08:11 +0800
From: Allen Kistler <an037-ooai8@xxxxxxxxx>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
	rv:1.8.1.19) Gecko/20090222 SeaMonkey/1.1.14
MIME-Version: 1.0
To: For testers of Fedora Core development releases
	<fedora-test-list@xxxxxxxxxx>
References: <4ABBEC74.6070509@xxxxxxxxx> <20090925063952.GA16327@xxxxxxxx>
	<4ABC74E7.3050705@xxxxxxxxx>
In-Reply-To: <4ABC74E7.3050705@xxxxxxxxx>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-RedHat-Spam-Score: 1.508 * (FORGED_YAHOO_RCVD,RDNS_DYNAMIC)
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
X-Scanned-By: MIMEDefang 2.67 on 10.5.110.9
X-loop: fedora-test-list@xxxxxxxxxx
Subject: Re: Real mail addresses in list postings and resulting **SPAM**
X-BeenThere: fedora-test-list@xxxxxxxxxx
X-Mailman-Version: 2.1.5
Precedence: junk
Reply-To: For testers of Fedora Core development releases
	<fedora-test-list@xxxxxxxxxx>
List-Id: For testers of Fedora Core development releases
	<fedora-test-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/fedora-test-list>,
	<mailto:fedora-test-list-request@xxxxxxxxxx?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/fedora-test-list>
List-Post: <mailto:fedora-test-list@xxxxxxxxxx>
List-Help: <mailto:fedora-test-list-request@xxxxxxxxxx?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/fedora-test-list>,
	<mailto:fedora-test-list-request@xxxxxxxxxx?subject=subscribe>
Sender: fedora-test-list-bounces@xxxxxxxxxx
Errors-To: fedora-test-list-bounces@xxxxxxxxxx



I know that Thunderbird (or virtually any other client) can set
alternative identities.  Wholesale forgery is easy.  We're after
something subtler.

When you sent the message to the list, did you do it with an envelope
that identified you as you or did you do it with an envelope that
identified you as me?

The trick is to do it with an envelope that identifies you as you, but a
message header that identifies you as, say, invalid@xxxxxxxxxxxxxxxx
Thunderbird sets them to be the same, without an option to change that.
 (Hmm... Maybe an extension?)  Bruno mentioned mutt allows them to be
different.


I recently (days) saw an option to add an arbitrary header. I don't recall whether it was Thunderbird or Seamonkey - I have the Seamonkey 2.0 beta on Windows- but the config editor for Thunderbird and both versions of Seamonkey I have on Windows show what looks like it. See mail.compose selections.

It's a config-time option, not compose-time so it's not useful to me.


--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux