Honest, I am not a spammer! I would also never ask anyone to increase, improve, buy, or decrease anything via e-mail. Yet, if you believe the "From" addresses in spam, you might think otherwise. This is more of a heads-up than a tip. The subject is forged "From" addresses. SMTP protocol has no built-in authentication since it was created back when we programmers trusted the Internet. Its purpose was to exchange information, so why anyone would want to provide false information was beyond comprehension.
Since there are many valid reasons why one might want to send an e-mail with a different "from" or "reply-to" address, it is simple to forge e-mail as being from a different address. Valid reasons for forged addresses include using a borrowed account when traveling or sending out newsletters.
If you or your users are getting indignant reply emails, or "From: MAILER-DAEMON" delivery errors for e-mails you/they have not sent, you are being used as a front (forged from address) for spammers.
For years spammers have been using forged headers. More recently they have been harvesting addresses from Web sites to use both for sending and for forged "from" addresses. Most recently viruses are being used to harvest address book e-mail lists to use for more targeted spam (meaning e-mail that gets opened, thus possibly spreading more viruses, or harvesting information about valid addresses). This technique includes using an address from one particular stolen address
This means we need new rules to give to users, at least until some of the proposed SMTP-protocol changes are widely implemented. Until then, here are some things to think about, institute, or recommend to your users:
- Turn off any type of preview, HTML, or image viewing in e-mail reader programs. Why not force real people to send plain text with attachments instead of HTML e-mail? (most spam is in HTML format) While you are at it, set all e-mail programs to send plain text instead of HTML, which is an open door to a spammer's future protocol hacking.
- Use some type of digital signing tool to validate e-mail.
- Have a policy to not change 'from' addresses, but use a subject line to let people know an e-mail address (account) is being borrowed legitimately.(Subject: this is fred mallett, using Lucinda's e-mail address)
- Follow up on the above: you can set sendmail to reject all forged "from" addresses. This could cause many legitimate e-mails to be rejected, but it might be worth the rejected spam and virus e-mails.
As always, it all boils down to your decision as a LINUX administrator to decide how much garbage should be let in the door to get a few more legitimate e-mails to where they belong.
Fred Mallett is founder of FAME Computer Education, which provides standup delivery of educational classes on a variety of UNIX, Linux and Win32-related subjects. Reach him at firstname.lastname@example.org.
This was first published in October 2003