Re: [opensuse] Re: Email Security question: Hijacked email !!! was: Vista

On Mon, Aug 11, 2008 at 8:07 AM, Joachim Schrod <jschrod@xxxxxxx> wrote:
Alexey Eremenko wrote:

On Sat, Aug 9, 2008 at 12:37 AM, Kai Ponte <kai@xxxxxxxxxxxxxxxx> wrote:

On Friday 08 August 2008 06:28:09 am Alexey Eremenko wrote:

Kai: BTW: In your case even the Name was emulates correctly in GMail,
which means that GMail doesn't checks it at all.

No, that had nothing to do with gmail. It never went through gmail.

I thought GMail would scan for all suspecious emails,
and according to logical something that arrived into my GMail, with
"From: al4321@xxxxxxxxx" - my email address, but never sent from my
account is spoof.

Why?

I have multiple email domains that I use for different purposes. Company,
open source activities, several project-specific ones, private, also even a
googlemail.com that I rarely use. (Please note: not different mboxes in one
domain, but different *domains*.)

When I send email, I do so all the time from my own workstation, using my
own mail server, and -- of course, using all those domain names, as the
context requires. So, of course it might happen that a valid email from
acm.org or googlemail.com did is not sent by their respective mail servers.



Joachim

I don't know how the other anti-spoofing tools work, but with SPF you
would be required to add a DNS entry to each of the domains to show
your outbound SMTP server.

Currently if (via your smtp server) you send an email with a from
address of gmail.com to a SPF enabled recipient, your email should be
ignored as invalid.

The SPF way of doing things is do one of the below:
1) Register your outbound smtp server via DNS as an authorized domain
email originator.
2) Configure your email client to use one of the authorized smtp
originators for that domain. ie. if for a particular email your from
address is gmail.com, then you need to use smtp.gmail.com (or whatever
it is) as the smtp server for that specific email.

I don't know if email clients are allowing you to configure an
outbound smtp server based on the from fields yet or not. For SPF to
be fully useful, you will need that feature.

Greg
--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • Re: Is this a stupid question?
    ... I can't send e-mails because Mail can't use the ... literature that I'd be able to send from any account. ... would suggest the vodafone smtp server is 'send.vodafone.net'. ... Be aware that if you use GMail's SMTP server with your Gmail ...
    (uk.comp.sys.mac)
  • Re: Google mail blacklisted?
    ... example I couldn't use my Orange smtp server in California last week. ... Gmail is also web based and works anywhere you can get a connection. ... use an ssh connection to a remote system ...
    (uk.telecom.broadband)
  • Re: Ask EU mail sending message
    ... Could somerat tell me which bit of my system I should be looking at in response to the following, which I get when I try to send mail: ... You are trying to use an SMTP server which is not owned by the ISP you're currently connected to - this has been blocked for decades to stop spammers sending mail via other companies' mail servers. ... If all else fails, create a gmail address quickly if you haven't got one already and then set all your mail up so you can send out using the gmail smtp, making gmail your default outgoing mailserver for everything. ...
    (uk.media.radio.archers)
  • Re: Wi-fi and SMTP
    ... I have an Apple Mac Powerbook with a wireless card. ... of the relevant SMTP server - is that correct? ... The simplest solution is to get a Gmail account, ... be sending to your original email address. ...
    (alt.internet.wireless)