mailing list archives
RE: Protection against fake mails
From: Craig Wright <Craig.Wright () bdo com au>
Date: Mon, 14 Apr 2008 14:18:59 +1000
If I want to be really clever....
Compromise a router on the path between a mail server on the route of the email you want to spoof.
Spoof the IP of the mail server and set rules on the router to store and forward packets allowing all real mails on and
answering your own packets
Create a script using valid options (too easy to make a typo yourself). A few bounce messages to a throw-away account
will give you all you need from the header.
Send Real looking but fake email. Fake IP, fake options and it will seem forensically sound. The only thing will be
logs and headers on the senders site - and this may not be available.
Craig Wright (GSE-Compliance)
Manager, Risk Advisory Services
Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914
BDO Kendalls (NSW-VIC) Pty. Ltd.
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
The information in this email and any attachments is confidential. If you are not the named addressee you must not
read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received
this message in error, please notify the sender by return email, destroy all copies and delete it from your system.
Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls.
You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or
Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer
viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may
result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy
statement, can be found on the BDO Kendalls website at http://www.bdo.com.au/ or by emailing mailto:administrator ()
bdo com au
BDO Kendalls is a national association of separate partnerships and entities. Liability limited by a scheme approved
under Professional Standards Legislation.
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Owen
Sent: Friday, 11 April 2008 12:40 AM
Cc: security-basics () securityfocus com
Subject: Re: Protection against fake mails
If we a do a google search for the following string "Send free,
anonymous and easy fake email", one of the sites we get is
'deadfake.com'...and many others. I can send an email to myself from
myself by filling in the two fields at the website.
Technically, what such sites seems to be doing is that, such mailers add
an X-Mailer attribute to the message header indicating the message
origin, and an X-Originating-Ip (a real one).
How do I guard against such emails originating from fake email
impersonations. Is there something I can do at our email gateway, proxy
or exchange sever (2003) levels?
As an aside, what a great spam target collection tool.
WiKID Systems, Inc.
Commercial/Open Source Two-Factor Authentication
Re: Port Monitoring Software Paul Halliday (Apr 09)
Re: Port Monitoring Software Robert Larsen (Apr 14)