hide real e-mail address

Discussion in 'Windows Vista Security' started by t-4-2, Feb 12, 2009.

  1. t-4-2

    t-4-2 Guest

    Not sure where to post this question.
    WLM 14v.
    My alumni group website received an anonymous letter with invalid (fake )
    address.
    This alumni group site is Membership Only. Members must provide valid e-mail
    addresses and nobody is to send messages to the group without membership and
    valid acknowledged address.
    So, my question is, how did this happen ? How did the message get through,
    and how did the sender use faked address and still be able to send the
    message out ? We want to stop this. Please advise. Thank you.
    P.S. The anonymous message is NOT malicious. It contains concern of group's
    policy and requests changes. It is obviously sent by a current member. But
    still ........ did we get hacked ?
    t-4-2
     
    t-4-2, Feb 12, 2009
    #1
    1. Advertisements

  2. t-4-2

    Sam Hobbs Guest

    I don't understand. If it was sent by a current member then what is the
    problem?

    Perhaps you did answer that question already, but if you could clarify that,
    then it might help to have that clarified.
     
    Sam Hobbs, Feb 12, 2009
    #2
    1. Advertisements

  3. t-4-2

    t-4-2 Guest

    We assume the letter was sent by a current member, because the content of
    the message is not malicious. It is the manner the letter was sent in
    question.
    1. No name
    2. Fake address
    That comes back to my original question : How did the letter got sent AND
    arrived to our group site. We do not want this to happen again. I had
    experimented sending a message to the group via invalid address. Did not get
    sent.
    t-4-2
     
    t-4-2, Feb 12, 2009
    #3
  4. t-4-2

    Malke Guest

    Probably one of your members has an infected computer. It is common for
    certain malware to send emails to all the email addresses in the infected
    computer's addressbook. It is also common to have spoofed or fake return
    addresses in these cases.

    There's nothing you can do about it so move on.

    Malke
     
    Malke, Feb 12, 2009
    #4
  5. t-4-2

    RalfG Guest

    Indeed. Even without being infected I some time ago started receiving spam
    emails on a particular server that have my own email address from that mail
    server being spoofed as the sender address. Tough or impossible to filter.
    That address happens to be the only email address I use for public purposes
    and consequently 99.95% of the emails I get on that server are spam,
    phishing attempts or other malware infected crap. Even after emails are
    filtered on the mail server.

    OP can try looking at the Properties of the emails in question ->Details->
    Message Source, and see if the email routing information matches up with
    that of any of the current members. It's tedious to compare this against all
    the current members but it might be a way to find whose computer is
    infected, if any. Could also point to the group server itself having a leak
    if the email source is outside the circle of group members. The same email
    might be spammed to multiple groups in that case.
     
    RalfG, Feb 12, 2009
    #5
  6. t-4-2

    peter Guest

    Malke
    somehow I don't think this is an infection...the sender asked/was concerned
    about specific
    things related to the club
    "It contains concern of group's policy and requests changes. "
    ???????

    peter
     
    peter, Feb 13, 2009
    #6
  7. t-4-2

    t-4-2 Guest

    Someone actually read my original post !
    t-4-2

     
    t-4-2, Feb 13, 2009
    #7
  8. It seems to me that the software at the website that is supposed
    to filter out e-mail that doesn't comply with having acknowledged
    addresses is broken - or that the perpetrator has access to the
    acknowledged and accepted e-mail to edit it with a fake address
    after it has arrived.

    Who has the keys to the kingdom?
     
    FromTheRafters, Feb 13, 2009
    #8
  9. t-4-2

    t-4-2 Guest

    The " keeper " is a classmate with her husband as technical support. None of
    them could it figure out.
    t-4-2
     
    t-4-2, Feb 13, 2009
    #9
  10. Check into what vulnerabilities are reported for the software running
    on the website. Sometimes an attacker can write script into a webform
    and the software interprets it - or script can be bounced off a client.
     
    FromTheRafters, Feb 13, 2009
    #10
  11. t-4-2

    Malke Guest

    If there is an infection, it is not on the OP's machine and probably not on
    the mail server. If the body of the email wasn't one that had already been
    received (not unusual for the text to have been copied by the malware from
    an email sent on the possibly infected machine), then perhaps one of the
    members is playing silly games.

    Basically, there is no way to really know what is going on without being
    hands-on. Despite this having been posted in a Vista security newsgroup, we
    don't even know what OS the mailing list "server" is running or what
    mailing list software is being used. For all we know the mailing list
    "server" could be running Windows ME with some old mailing list software.

    The OP is not technically inclined nor apparently is the person who is
    taking care of the mailing list. If the members of the OP's list are really
    concerned they should get a competent local tech who understands about mail
    servers and malware to take a look.

    Malke
     
    Malke, Feb 13, 2009
    #11
  12. t-4-2

    t-4-2 Guest

    Quote "..... then perhaps one of the members is playing silly games.'

    Yes, we, the " keeper " of the group site and I ,concluded that. The
    question remains ......How.
    That's what we want to know.
    t-4-2
     
    t-4-2, Feb 13, 2009
    #12
  13. t-4-2

    Paul Adare Guest

    No one in this thread has a clue as to what "site" you're talking about. If
    you're depending on features of that "site" to provide security, no one is
    going to be able to answer your question unless they know something about
    the site in question.
     
    Paul Adare, Feb 13, 2009
    #13
  14. t-4-2

    Malke Guest

    Then get a professional in to look at the mail server as I already
    suggested. No one here can answer your question since none of us can
    examine the machine.

    Malke
     
    Malke, Feb 13, 2009
    #14
  15. t-4-2

    Sam Hobbs Guest

    You can post a question in an email newsgroup; a group familiar with the
    email software you are using.
     
    Sam Hobbs, Feb 15, 2009
    #15
  16. t-4-2

    tweakvista Guest

    You do know it's very easy to spoof email addresses? I can easily sen
    an email to the police saying im a terrorist but with your email
     
    tweakvista, Feb 15, 2009
    #16
  17. That's not the point.
    That's not the point either.

    If you have software that is supposed to be able to
    determine that an e-mail address is *real* and block all
    others, and e-mail with *fake* addresses still get through
    (or otherwise appear where they should have been prohibited
    from appearing), then something is broken. Either the
    filtering software is broken or the destination (where the
    e-mail appears) is accessible for editing by unauthorized
    persons.
     
    FromTheRafters, Feb 15, 2009
    #17
  18. t-4-2

    Sam Hobbs Guest

    If it is that easy to separate the good from the bad, then why is is so
    difficult to separate the desired messages from the spam?
     
    Sam Hobbs, Feb 16, 2009
    #18
  19. Spam often uses *real* e-mail addresses - not the *correct*
    ones, but real nonetheless.
     
    FromTheRafters, Feb 16, 2009
    #19
  20. t-4-2

    Charlie Tame Guest


    Most mail clients allow a person to use a "Reply to" address. Most of
    them use this if you supply it, if you do not then they use the "Real"
    email address you used to set up the account. For example I could have
    for one account and for another but in
    the first I use as the "Reply to" address thus no
    matter which I am using to "Send" with, the replies when people click on
    "Reply" will come to the same address, .

    (Both of those are "Fake" by the way because posting an email address in
    a newsgroup like this will get you 1000 spam emails a day :)

    So it is perfectly possible that the person has a fake address for good
    reason and accidentally posted to the group using it, the address your
    server saw may have been his / her real one, although you would normally
    "See" the fake reply to address listed in the post.

    But, you also asked how he / she was able to send the post. Well, his /
    her sending server probably doesn't care, in fact it's your receiving
    server that has to care, and generally there would be a list of
    acceptable senders usually called a "White List". Even if there IS a
    white list it can still fall victim to "Fake" addressing, but that's not
    something you can ever totally prevent.

    I think you may be worrying about something that is not terribly
    important, especially as the post was not malicious.
     
    Charlie Tame, Feb 17, 2009
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.