On Sat, August 9, 2008 01:32, John Andersen wrote:
On Fri, Aug 8, 2008 at 4:19 PM, Jim Henderson
wrote: On Sat, 09 Aug 2008 00:52:37 +0200, Alexey Eremenko wrote:
I thought GMail would scan for all suspecious emails, and according to logical something that arrived into my GMail, with "From: al4321@gmail.com" - my email address, but never sent from my account is spoof.
It means, that GMail isn't protected
As Patrick said, it never went through gmail's servers -
And as Alexey said it DID arrive in his Gmail mailbox which, by definition means it DID go thru Gmail's server: inbound.
Gmail could have alerted Alexey that the mail was spoofed if the first few received headers didn't indicate a gmail origin.
I'm not sure what good it would do, as no-one else would get this alert except Alexey, but it seems do-able to me.
The listserve blurs things. If the spammer sent the email directly to
Alexey, yes then you have a point.
But it's not the spammer. Google sees a legitimate sender in the SMTP
session: opensuse.org. Checking for spoofing senders is an SMTP session
feature. That means at HELO (or EHLO). I don't know how I can explain
this. This is what I see in my postfix logs:
Aug 9 01:52:48 intrepid postfix/smtpd[27319]: connect from
lists4.suse.de[195.135.221.135]
Aug 9 01:52:48 intrepid postfix/smtpd[27319]: 92C55138076:
client=lists4.suse.de[195.135.221.135]
Aug 9 01:52:48 intrepid postfix/cleanup[27322]: 92C55138076:
message-id=<27061.81.82.3.9.1218239560.squirrel@intrepid.warp.be>
Aug 9 01:52:48 intrepid postfix/qmgr[19655]: 92C55138076:
from=