23 Apr 2008

I R Spammer!


There’s no security in email. In particular, there’s no way to prevent forging anyone’s identity. It seems fairly obvious when you think about how the technology works, but that thought process requires a little technical insight. Basically, I could claim my email address is president@whitehouse.gov and send email to anyone appearing to be from King George. There’s no way contested email should ever hold up in court. Of course, you can trace the headers and wonder why the President would be sending mail from a small town ISP in Texas, but that’s beyond the capability of most email recipients and even the header trail can be fooled.

Anyway, a lot of spam software picks legitimate email addresses to stuff in a message’s From: line. It helps the message get through one line of spam detection (needing a legitimate domain, though the user name portion doesn’t need to be valid). So a lot of the spam that’s sent appears to come from a real individual at a real address – although he or she had nothing to do with it.

Well, my turn came up this week. Apparently one of the botnet spammers picked up one of my email addresses, and thousands – likely tens or hundreds of thousands – of spam messages have gone out signed by iain@aint.com. I know this, not because I’ve seen the messages, but because I’ve seen hundreds of bounce messages from stupidly configured mail transfer agents. “Your message was unable to be delivered.” Usually with the reason that the server had determined that it was spam. Hell, if it’s spam, why compound the problem by returning it, you idiot?

So right now there are probably several thousand people reading email from me saying “Buy herbal Viagra!” or “Hi, sexy, I’m Suzanne, let’s talk.”

If this is my fifteen minutes, I’m not impressed.

This entry was posted on Wednesday, April 23rd, 2008 at 10:32 am and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply