Not sure where to post this question.
WLM 14v.
My alumni group website received an anonymous letter with invalid (fake )
address.
This alumni group site is Membership Only. Members must provide valid e-mail
addresses and nobody is to send messages to the group without membership and
valid acknowledged address.
So, my question is, how did this happen ? How did the message get through,
and how did the sender use faked address and still be able to send the
message out ? We want to stop this. Please advise. Thank you.
P.S. The anonymous message is NOT malicious. It contains concern of group's
policy and requests changes. It is obviously sent by a current member. But
still ........ did we get hacked ?
t-4-2

I don't understand. If it was sent by a current member then what is the
problem?

Perhaps you did answer that question already, but if you could clarify that,
then it might help to have that clarified.


"t-4-2" wrote in message
...
It is obviously sent by a current member. But still ........ did we get
hacked ?

We assume the letter was sent by a current member, because the content of
the message is not malicious. It is the manner the letter was sent in
question.
1. No name
2. Fake address
That comes back to my original question : How did the letter got sent AND
arrived to our group site. We do not want this to happen again. I had
experimented sending a message to the group via invalid address. Did not get
sent.
t-4-2

"Sam Hobbs" wrote in message
...
I don't understand. If it was sent by a current member then what is the
problem?

Perhaps you did answer that question already, but if you could clarify
that, then it might help to have that clarified.


"t-4-2" wrote in message
...
It is obviously sent by a current member. But still ........ did we get
hacked ?

t-4-2 wrote:

We assume the letter was sent by a current member, because the content of
the message is not malicious. It is the manner the letter was sent in
question.
1. No name
2. Fake address
That comes back to my original question : How did the letter got sent AND
arrived to our group site. We do not want this to happen again. I had
experimented sending a message to the group via invalid address. Did not
get sent.

Probably one of your members has an infected computer. It is common for
certain malware to send emails to all the email addresses in the infected
computer's addressbook. It is also common to have spoofed or fake return
addresses in these cases.

There's nothing you can do about it so move on.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Indeed. Even without being infected I some time ago started receiving spam
emails on a particular server that have my own email address from that mail
server being spoofed as the sender address. Tough or impossible to filter.
That address happens to be the only email address I use for public purposes
and consequently 99.95% of the emails I get on that server are spam,
phishing attempts or other malware infected crap. Even after emails are
filtered on the mail server.

OP can try looking at the Properties of the emails in question -Details-
Message Source, and see if the email routing information matches up with
that of any of the current members. It's tedious to compare this against all
the current members but it might be a way to find whose computer is
infected, if any. Could also point to the group server itself having a leak
if the email source is outside the circle of group members. The same email
might be spammed to multiple groups in that case.

"Malke" wrote in message
...
t-4-2 wrote:

We assume the letter was sent by a current member, because the content of
the message is not malicious. It is the manner the letter was sent in
question.
1. No name
2. Fake address
That comes back to my original question : How did the letter got sent AND
arrived to our group site. We do not want this to happen again. I had
experimented sending a message to the group via invalid address. Did not
get sent.

Probably one of your members has an infected computer. It is common for
certain malware to send emails to all the email addresses in the infected
computer's addressbook. It is also common to have spoofed or fake return
addresses in these cases.

There's nothing you can do about it so move on.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Malke
somehow I don't think this is an infection...the sender asked/was concerned
about specific
things related to the club
"It contains concern of group's policy and requests changes. "
???????

peter

--
If you find a posting or message from me offensive,inappropriate
or disruptive,please ignore it.
If you dont know how to ignore a posting complain
to me and I will be only too happy to demonstrate :-)

"Malke" wrote in message
...
t-4-2 wrote:


Probably one of your members has an infected computer. It is common for
certain malware to send emails to all the email addresses in the infected
computer's addressbook. It is also common to have spoofed or fake return
addresses in these cases.

There's nothing you can do about it so move on.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Someone actually read my original post !
t-4-2

"peter" wrote in message
...
Malke
somehow I don't think this is an infection...the sender asked/was
concerned about specific
things related to the club
"It contains concern of group's policy and requests changes. "
???????

peter

--
If you find a posting or message from me offensive,inappropriate
or disruptive,please ignore it.
If you dont know how to ignore a posting complain
to me and I will be only too happy to demonstrate :-)

"Malke" wrote in message
...
t-4-2 wrote:


Probably one of your members has an infected computer. It is common for
certain malware to send emails to all the email addresses in the infected
computer's addressbook. It is also common to have spoofed or fake return
addresses in these cases.

There's nothing you can do about it so move on.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

"t-4-2" wrote in message
...
Not sure where to post this question.
WLM 14v.
My alumni group website received an anonymous letter with invalid (fake )
address.
This alumni group site is Membership Only. Members must provide valid
e-mail addresses and nobody is to send messages to the group without
membership and valid acknowledged address.
So, my question is, how did this happen ? How did the message get through,
and how did the sender use faked address and still be able to send the
message out ? We want to stop this. Please advise. Thank you.
P.S. The anonymous message is NOT malicious. It contains concern of
group's policy and requests changes. It is obviously sent by a current
member. But still ........ did we get hacked ?
t-4-2

It seems to me that the software at the website that is supposed
to filter out e-mail that doesn't comply with having acknowledged
addresses is broken - or that the perpetrator has access to the
acknowledged and accepted e-mail to edit it with a fake address
after it has arrived.

Who has the keys to the kingdom?

The " keeper " is a classmate with her husband as technical support. None of
them could it figure out.
t-4-2

"FromTheRafters" wrote in message
...
"t-4-2" wrote in message
...
Not sure where to post this question.
WLM 14v.
My alumni group website received an anonymous letter with invalid (fake )
address.
This alumni group site is Membership Only. Members must provide valid
e-mail addresses and nobody is to send messages to the group without
membership and valid acknowledged address.
So, my question is, how did this happen ? How did the message get
through, and how did the sender use faked address and still be able to
send the message out ? We want to stop this. Please advise. Thank you.
P.S. The anonymous message is NOT malicious. It contains concern of
group's policy and requests changes. It is obviously sent by a current
member. But still ........ did we get hacked ?
t-4-2

It seems to me that the software at the website that is supposed
to filter out e-mail that doesn't comply with having acknowledged
addresses is broken - or that the perpetrator has access to the
acknowledged and accepted e-mail to edit it with a fake address
after it has arrived.

Who has the keys to the kingdom?

Check into what vulnerabilities are reported for the software running
on the website. Sometimes an attacker can write script into a webform
and the software interprets it - or script can be bounced off a client.

"t-4-2" wrote in message
...
The " keeper " is a classmate with her husband as technical support. None
of them could it figure out.
t-4-2

"FromTheRafters" wrote in message
...
"t-4-2" wrote in message
...
Not sure where to post this question.
WLM 14v.
My alumni group website received an anonymous letter with invalid
(fake ) address.
This alumni group site is Membership Only. Members must provide valid
e-mail addresses and nobody is to send messages to the group without
membership and valid acknowledged address.
So, my question is, how did this happen ? How did the message get
through, and how did the sender use faked address and still be able to
send the message out ? We want to stop this. Please advise. Thank you.
P.S. The anonymous message is NOT malicious. It contains concern of
group's policy and requests changes. It is obviously sent by a current
member. But still ........ did we get hacked ?
t-4-2

It seems to me that the software at the website that is supposed
to filter out e-mail that doesn't comply with having acknowledged
addresses is broken - or that the perpetrator has access to the
acknowledged and accepted e-mail to edit it with a fake address
after it has arrived.

Who has the keys to the kingdom?