Hide the real address ??

Discussion in 'Windows Live Mail' started by t-4-2, Feb 12, 2009.

  1. t-4-2

    t-4-2 Guest

    Pardon me for cross posting. Don't know exactly which newsgroup I should
    post to.

    Not sure where to post this question.
    WLM 14v.
    My alumni group website received an anonymous letter with invalid (fake )
    address.
    This alumni group site is Membership Only. Members must provide valid e-mail
    addresses and nobody can send messages to the group without membership and
    valid acknowledged address.
    So, my question is, how did this happen ? How did the message get through,
    and how did the sender use faked address and still be able to send the
    message out ? We want to stop this. Please advise. Thank you.
    P.S. The anonymous message is NOT malicious. It contains concern of group's
    policy and requests changes. It is obviously sent by a current member. But
    still ........ did we get hacked ?
    t-4-2
     
    t-4-2, Feb 12, 2009
    #1
    1. Advertisements

  2. t-4-2

    N. Miller Guest

    Not necessary to "hack" a site for this kind of email. All that is needed to
    send email is a valid recipient email address. If the recipient email
    address is valid, the SMTP system will deliver it; regardless of the
    validity of the sender email address.
     
    N. Miller, Feb 12, 2009
    #2
    1. Advertisements

  3. t-4-2

    ...winston Guest

    The recipient address needs to be valid.
    I.e. since your alumni group's website email address(the recipient) is valid, it will receive it and deliver to the accounts
    inbox, unless caught in advance by your mail server or isp filters and deleted or filtered to a web site spam folder.

    You asked how does this happen.

    a. The recipient email address is known or findable
    b. The recipient's email address was harvested from an alumni's address book by malware and distributed(quite common)to spam and
    malware originators.
    c. The recipient's email address is easily generated by software generating forms of potential email address for known domains.
    d. The list goes on....


    --
    ...winston
    ms-mvp mail

     
    ...winston, Feb 12, 2009
    #3
  4. t-4-2

    N. Miller Guest

    My method of testing this would be to initiate a Telnet session to the
    gateway (MX) mail server. This would require a connection with an IP address
    which would not be rejected by that MX server. If that MX server is
    configured to drop "invalid" email addresses, then there is something
    special about that server which nobody but that server administrator can
    help you with. Perhaps some member with an inside connection to the server.

    However, such a configuration as you describe is not normal, and special
    configurations, not known to outsiders, can't be explained by outsiders.
     
    N. Miller, Feb 14, 2009
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.