On Fri, Aug 8, 2008 at 5:03 PM, Amedee Van Gasse
On Sat, August 9, 2008 01:32, John Andersen wrote:
On Fri, Aug 8, 2008 at 4:19 PM, Jim Henderson
wrote: On Sat, 09 Aug 2008 00:52:37 +0200, Alexey Eremenko wrote:
I thought GMail would scan for all suspecious emails, and according to logical something that arrived into my GMail, with "From: al4321@gmail.com" - my email address, but never sent from my account is spoof.
It means, that GMail isn't protected
As Patrick said, it never went through gmail's servers -
And as Alexey said it DID arrive in his Gmail mailbox which, by definition means it DID go thru Gmail's server: inbound.
Gmail could have alerted Alexey that the mail was spoofed if the first few received headers didn't indicate a gmail origin.
I'm not sure what good it would do, as no-one else would get this alert except Alexey, but it seems do-able to me.
The listserve blurs things. If the spammer sent the email directly to Alexey, yes then you have a point. But it's not the spammer. Google sees a legitimate sender in the SMTP session: opensuse.org. Checking for spoofing senders is an SMTP session feature. That means at HELO (or EHLO). I don't know how I can explain this. This is what I see in my postfix logs:
Aug 9 01:52:48 intrepid postfix/smtpd[27319]: connect from lists4.suse.de[195.135.221.135] Aug 9 01:52:48 intrepid postfix/smtpd[27319]: 92C55138076: client=lists4.suse.de[195.135.221.135] Aug 9 01:52:48 intrepid postfix/cleanup[27322]: 92C55138076: message-id=<27061.81.82.3.9.1218239560.squirrel@intrepid.warp.be> Aug 9 01:52:48 intrepid postfix/qmgr[19655]: 92C55138076: from=
, size=4454, nrcpt=1 (queue active) Aug 9 01:52:48 intrepid postfix/smtpd[27319]: disconnect from lists4.suse.de[195.135.221.135] As you can see, the SMTP session only sees opensuse+bounces-67833-amedee=amedee.be@opensuse.org as the sender, even if the original sender was amedee@amedee.be. By the way there is a + separator, that means for checking valid mailboxes you can ignore everything after the + so the sender address is really opensuse@opensuse.org.
-- Amedee
--
When I said "First few Received Headers" I did NOT mean the top-most. I mean the first. Just above the body. Check it out in this email. Opensuse does not "blur" these. -- ----------JSA--------- There are 10 kinds of people in this world, those that can read binary and those that can't. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org