[opensuse] Re: Email Security question: Hijacked email !!! was: Vista
Alexey Eremenko wrote:
On Sat, Aug 9, 2008 at 12:37 AM, Kai Ponte <kai@perfectreign.com> wrote:
On Friday 08 August 2008 06:28:09 am Alexey Eremenko wrote:
Kai: BTW: In your case even the Name was emulated correctly in GMail, which means that GMail doesn't check it at all.
No, that had nothing to do with gmail. It never went through gmail.
I thought GMail would scan for all suspicious emails, and according to logic, something that arrived in my GMail with "From: al4321@gmail.com" - my email address - but was never sent from my account is a spoof.
Why?

I have multiple email domains that I use for different purposes. Company, open source activities, several project-specific ones, private, also even a googlemail.com that I rarely use. (Please note: not different mboxes in one domain, but different *domains*.)

When I send email, I do so all the time from my own workstation, using my own mail server, and -- of course, using all those domain names, as the context requires. So, of course it might happen that a valid email from acm.org or googlemail.com is not sent by their respective mail servers.

Joachim

--
Joachim Schrod, Email: jschrod@acm.org
Roedermark, Germany
On Mon, Aug 11, 2008 at 8:07 AM, Joachim Schrod <jschrod@acm.org> wrote:
Alexey Eremenko wrote:
On Sat, Aug 9, 2008 at 12:37 AM, Kai Ponte <kai@perfectreign.com> wrote:
On Friday 08 August 2008 06:28:09 am Alexey Eremenko wrote:
Kai: BTW: In your case even the Name was emulated correctly in GMail, which means that GMail doesn't check it at all.
No, that had nothing to do with gmail. It never went through gmail.
I thought GMail would scan for all suspicious emails, and according to logic, something that arrived in my GMail with "From: al4321@gmail.com" - my email address - but was never sent from my account is a spoof.
Why?
I have multiple email domains that I use for different purposes. Company, open source activities, several project-specific ones, private, also even a googlemail.com that I rarely use. (Please note: not different mboxes in one domain, but different *domains*.)
When I send email, I do so all the time from my own workstation, using my own mail server, and -- of course, using all those domain names, as the context requires. So, of course it might happen that a valid email from acm.org or googlemail.com is not sent by their respective mail servers.
Joachim
I don't know how the other anti-spoofing tools work, but with SPF you would be required to add a DNS entry to each of the domains to show your outbound SMTP server.

Currently if (via your smtp server) you send an email with a from address of gmail.com to a SPF enabled recipient, your email should be ignored as invalid.

The SPF way of doing things is to do one of the below:

1) Register your outbound smtp server via DNS as an authorized domain email originator.

2) Configure your email client to use one of the authorized smtp originators for that domain. ie. if for a particular email your from address is gmail.com, then you need to use smtp.gmail.com (or whatever it is) as the smtp server for that specific email.

I don't know if email clients are allowing you to configure an outbound smtp server based on the from fields yet or not. For SPF to be fully useful, you will need that feature.

Greg

--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper - http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
Greg Freemyer wrote:
On Mon, Aug 11, 2008 at 8:07 AM, Joachim Schrod <jschrod@acm.org> wrote:
Alexey Eremenko wrote:
<snip>
I have multiple email domains that I use for different purposes. Company, open source activities, several project-specific ones, private, also even a googlemail.com that I rarely use. (Please note: not different mboxes in one domain, but different *domains*.)
When I send email, I do so all the time from my own workstation, using my own mail server, and -- of course, using all those domain names, as the context requires. So, of course it might happen that a valid email from acm.org or googlemail.com is not sent by their respective mail servers.
Joachim
I don't know how the other anti-spoofing tools work, but with SPF you would be required to add a DNS entry to each of the domains to show your outbound SMTP server.
Currently if (via your smtp server) you send an email with a from address of gmail.com to a SPF enabled recipient, your email should be ignored as invalid.
The SPF way of doing things is to do one of the below:

1) Register your outbound smtp server via DNS as an authorized domain email originator.

2) Configure your email client to use one of the authorized smtp originators for that domain. ie. if for a particular email your from address is gmail.com, then you need to use smtp.gmail.com (or whatever it is) as the smtp server for that specific email.
I don't know if email clients are allowing you to configure an outbound smtp server based on the from fields yet or not. For SPF to be fully useful, you will need that feature.
Greg
I tend to be with Joachim with this one, however I would like to add this is IMHO a complex solution to a non-problem.

Sending messages as someone else has been around since the first clay tablet was sent (thrown) from A to B, and measures to indicate that A is really A have been around since soon after then. It is called a signature (or seal)... in the case of e-Mail this thing can be digital in nature (and a lot harder to copy than the manual signature or physical seal).

Possibly the simplest and most elegant solution would be for the mail server to validate the signature of the sender if you really needed to filter at the server, rather than adding a dodgy DNS hack, or the more complex DKIM mechanism. Then it becomes a matter of individual rather than collective responsibility.

I suspect that the logic behind this is more about getting people to use centralised commercial mail services than any real enhancement to people's email security.

--
I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone.
Bjarne Stroustrup
participants (3)
- G T Smith
- Greg Freemyer
- Joachim Schrod