ietf-asrg

[Asrg] Spooked mail addresses

2004-02-04 07:27:42

I am not sure where this belongs in our musings, but I do think that it
is rather important. The most recent Mydoom attacks used, as have many
before, spoofed email addresses. So far so obvious. 

I am working at a large company at the moment, and I noticed that when a
Mydoom variant email came to me at work, it appeared to come from
someone inside the corporation. Not a surprise you say. In fact what had
happened was that it had come through from the outside with a spoofed
address, but that wasn't obvious.
My knee-jerk reaction was "duh", all we have to do is a reverse lookup on
the sending IP address, compare with the domain name in the from and the
return fields and truncate if there was no match. Piece of cake.
Well, further investigation makes that strategy rather tricky.
Computerworld and The Wall Street Journal both have the ability to email
articles to friends. A handy service indeed. 
The glitch is that when the email arrives in my inbox, the from address
is the address of the person sending it, not the publication itself.
Those guys have spoofed my email address if I am the sender. Clearly the
mail needs to be identified as being sent at my request, but I am
definitely not the sender. They are.
So my scheme to block spoofed mail is torpedoed by the need to receive
these publications. I suspect that since they probably all use one of a
few packaged software products, there are many others who behave this
way.

What does this group think should be the correct way for the magazines
to behave? What does the group think is the likelihood that they will
even take any notice?

Regards

Chris



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
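
The check described in the message above, written out as an added example (not part of the original post). It compares the reverse-lookup name of the sending IP with the domains in the From and Return-Path headers and shows the same rule flagging both the worm mail and the "email this article" mail. The host names, addresses and messages are constructed, and the reverse-lookup result is passed in as a string so the code runs offline.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def host_in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, ptr_name):
    """Return the headers whose domain does not cover the sending host.

    ptr_name stands in for the reverse lookup of the connecting IP
    (socket.gethostbyaddr in a live filter); None means no PTR record.
    """
    msg = message_from_string(raw)
    mismatches = []
    for header in ("From", "Return-Path"):
        dom = domain_of(msg[header])
        if dom is None or ptr_name is None or not host_in_domain(ptr_name, dom):
            mismatches.append(header)
    return mismatches

# Constructed samples: (raw message, PTR name of the sending IP).
WORM = ("From: colleague@corp.example\nReturn-Path: <colleague@corp.example>\n"
        "Subject: hi\n\nsee attachment\n", "dsl-203-0-113-7.isp.example")
INTERNAL = ("From: alice@corp.example\nReturn-Path: <alice@corp.example>\n"
            "Subject: minutes\n\nattached\n", "mail1.corp.example")
# Article forwarded by a publication's web form: From is the reader's own
# address; the bounce address is assumed here to be the publication's.
ARTICLE = ("From: chris@home.example\nReturn-Path: <bounces@news-site.example>\n"
           "Subject: An article for you\n\nlink\n", "out3.news-site.example")

if __name__ == "__main__":
    for name, (raw, ptr) in (("worm", WORM), ("internal", INTERNAL),
                             ("article", ARTICLE)):
        bad = check_message(raw, ptr)
        print(name, "reject" if bad else "accept", bad)
```

The article sample fails on From alone, which is the false positive the message describes: the rule cannot tell a publication sending on a reader's behalf from a worm using someone else's address.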