Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
hide real e-mail address
Charlie Tame wrote:
t-4-2 wrote: The " keeper " is a classmate with her husband as technical support. None of them could it figure out. t-4-2 "FromTheRafters" wrote in message ... "t-4-2" wrote in message ... Not sure where to post this question. WLM 14v. My alumni group website received an anonymous letter with invalid (fake ) address. This alumni group site is Membership Only. Members must provide valid e-mail addresses and nobody is to send messages to the group without membership and valid acknowledged address. So, my question is, how did this happen ? How did the message get through, and how did the sender use faked address and still be able to send the message out ? We want to stop this. Please advise. Thank you. P.S. The anonymous message is NOT malicious. It contains concern of group's policy and requests changes. It is obviously sent by a current member. But still ........ did we get hacked ? t-4-2 It seems to me that the software at the website that is supposed to filter out e-mail that doesn't comply with having acknowledged addresses is broken - or that the perpetrator has access to the acknowledged and accepted e-mail to edit it with a fake address after it has arrived. Who has the keys to the kingdom? Most mail clients allow a person to use a "Reply to" address. Most of them use this if you supply it, if you do not then they use the "Real" email address you used to set up the account. For example I could have for one account and for another but in the first I use as the "Reply to" address thus no matter which I am using to "Send" with, the replies when people click on "Reply" will come to the same address, . (Both of those are "Fake" by the way because posting an email address in a newsgroup like this will get you 1000 spam emails a day So it is perfectly possible that the person has a fake address for good reason and accidentally posted to the group using it, the address your server saw may have been his / her real one, although you would normally "See" the fake reply to address listed in the post. But, you also asked how he / she was able to send the post. Well, his / her sending server probably doesn't care, in fact it's your receiving server that has to care, and generally there would be a list of acceptable senders usually called a "White List". Even if there IS a white list it can still fall victim to "Fake" addressing, but that's not something you can ever totally prevent. I think you may be worrying about something that is not terribly important, especially as the post was not malicious. |
|
|||
hide real e-mail address
"FromTheRafters" wrote in message
... Spam often uses *real* e-mail addresses - not the *correct* ones, but real nonetheless. More often they don't. Most often it is not possible to find an email address in the message that identifies who sent the message. If it were that easy, spam sent by that person would be eliminated. Only an amateur spammer would send spam with a *real* e-mail address anywhere in the message, except for using someone else's address in which case it is worse than none at all. If *real* e-mail address means someone else's email address, then in the context of my message, it is irrelevant whether the e-mail address is *real*. I said "separate the good from the bad", and when someone else's email address is used, a *real* e-mail address is either not useful or results in an invalid diagnosis. The invalid diagnosis is exactly why they use *real* e-mail addresses. |
|
|||
hide real e-mail address
"Sam Hobbs" wrote in message
... "FromTheRafters" wrote in message ... Spam often uses *real* e-mail addresses - not the *correct* ones, but real nonetheless. More often they don't. Most often it is not possible to find an email address in the message that identifies who sent the message. Still not the point. Even if the e-mail address does not identify who actually sent the message - it can still be a *real* e-mail address. If it were that easy, spam sent by that person would be eliminated. Only an amateur spammer would send spam with a *real* e-mail address anywhere in the message, except for using someone else's address in which case it is worse than none at all. But it is *real* and can be verified as *real*. If *real* e-mail address means someone else's email address, then in the context of my message, it is irrelevant whether the e-mail address is *real*. Sorry, I substituted *real* for the OP's *valid*. There is a difference between *my* real address and *any* real address. If his software is supposed to check the validity of e-mail addresses before allowing e-mail to be posted, that doesn't necessarily mean it checks that it is the real address of a member. If that *is* the function, then it is even more broken than I imagined. I said "separate the good from the bad", and when someone else's email address is used, a *real* e-mail address is either not useful or results in an invalid diagnosis. The invalid diagnosis is exactly why they use *real* e-mail addresses. Yes, if all it took to filter out spam was to check the validity of e-mail addresses (and all spam used invalid addresses) it would be a snap. That is *not* the case, and the OP was not talking about spam filtering. He evidently wants accountability for members' posted e-mails. Anyway, either the filtering doesn't work, or the e-mail's *valid* address is edited out after being posted. |
Thread Tools | |
Display Modes | |
|
|