SPAM from "myself" to myself

TheMSsForum.com: The Microsoft Software Forum

I've recently been getting (via AOL only) SPAM messages for pills and such
that have my own email address as the sender and recipient.

Does anyone have any insights into this before I struggle with the AOL
people. Is it possible to stop the real sender from imitating me in this way?

Thanks

ian
Top

Re: SPAM from "myself" to myself by Lionel

Lionel
Wed Nov 03 16:23:21 CST 2004

Presently, the sender of an e-mail is whatever you tell your e-mail program
to use for this field. You cannot rely on it. Spam that use your own address
as the sender is simply trying to work around some spam filters. The real
sender may be anyone, and you can't stop him from using your address (and
probably many other addresses). _You_ could easily use my e-mail address for
sending spam.

You should handle such messages exactly like any other kind of spam. Ignore
it, and use a spam filter. Do not add your own address to the whitelist.
Guessing the real sender may or may not be easy, but probably isn't worth
the time you'd spend.

If you do not like that... Well, the best solution is that you start using
S/MIME or PGP to add a secure signature to your e-mails. There is also some
work going on to add some checks in SMTP servers, by it'll be some time
before it becomes really whidespread.

"chromian" <chromian@discussions.microsoft.com> a écrit dans le message de
news: 0E4010E4-0538-48F1-88E9-4D0AFCDFEA40@microsoft.com...
> I've recently been getting (via AOL only) SPAM messages for pills and such
> that have my own email address as the sender and recipient.
>
> Does anyone have any insights into this before I struggle with the AOL
> people. Is it possible to stop the real sender from imitating me in this
> way?
>
> Thanks
>
> ian

Top

Re: SPAM from "myself" to myself by Karl

Karl
Wed Nov 03 20:41:27 CST 2004

Get some anti-spam software. Actually, AOL claims to already have that, but
you may have to either figure out how to configure it, or forward the spam
to AOL. The email address should be somewhere on their web site at
www.aol.com, but I'm guessing it's either abuse@aol.com or tos@aol.com

Anti-spam solutions, including some free ones, should be listed here:

http://securityadmin.info/faq.asp#spam


"chromian" <chromian@discussions.microsoft.com> wrote in message
news:0E4010E4-0538-48F1-88E9-4D0AFCDFEA40@microsoft.com...
> I've recently been getting (via AOL only) SPAM messages for pills and such
> that have my own email address as the sender and recipient.
>
> Does anyone have any insights into this before I struggle with the AOL
> people. Is it possible to stop the real sender from imitating me in this
way?
>
> Thanks
>
> ian


Top

Re: SPAM from "myself" to myself by chromian

chromian
Wed Nov 03 21:23:03 CST 2004

Thank you for the replies. I'll look into it. Ian

"Karl Levinson [x y] mvp" wrote:

> Get some anti-spam software. Actually, AOL claims to already have that, but
> you may have to either figure out how to configure it, or forward the spam
> to AOL. The email address should be somewhere on their web site at
> www.aol.com, but I'm guessing it's either abuse@aol.com or tos@aol.com
>
> Anti-spam solutions, including some free ones, should be listed here:
>
> http://securityadmin.info/faq.asp#spam
>
>
> "chromian" <chromian@discussions.microsoft.com> wrote in message
> news:0E4010E4-0538-48F1-88E9-4D0AFCDFEA40@microsoft.com...
> > I've recently been getting (via AOL only) SPAM messages for pills and such
> > that have my own email address as the sender and recipient.
> >
> > Does anyone have any insights into this before I struggle with the AOL
> > people. Is it possible to stop the real sender from imitating me in this
> way?
> >
> > Thanks
> >
> > ian
>
>
>
Top

Re: SPAM from "myself" to myself by Alun

Alun
Thu Nov 04 10:20:14 CST 2004

"Lionel Fourquaux" <use-reply-to@no-spam.invalid> wrote in message
news:uoaM6OfwEHA.356@TK2MSFTNGP10.phx.gbl...
> Presently, the sender of an e-mail is whatever you tell your e-mail
> program to use for this field. You cannot rely on it.

My favourite analogy is to note that the "From" header is as reliable as the
"From" address on a physical envelope in postal mail. Anyone could have
written anything there, even if it looks like a genuine sticky label from a
real company. There is almost nothing in the contents that couldn't have
been put there by anyone. The only thing you can rely on is the first
"Received" header, if you open up all of the headers to look. Everything
else was sent to your mail server from another system that is not under your
ISP's control, and is therefore less trustworthy than anything provided by
your ISP.

Particularly untrustworthy are sentences/headers such as "Scanned for
viruses".

As suggested, if you want to ensure that noone else trusts fake mail from
you, make sure you sign all your emails, and that the recipients know how to
verify your signature. If you want to ensure that you aren't trusting fake
email from others, insist on a signature, or some other proof. Take a look
at http://www.microsoft.com/athome/security/default.mspx for some more
articles on email fraud protection.

Alun.
~~~~


Top

Re: SPAM from "myself" to myself by Lionel

Lionel
Fri Nov 05 12:57:39 CST 2004

"Alun Jones [MSFT]" <alunj@online.microsoft.com> a écrit dans le message de
news: efKVwuowEHA.2908@tk2msftngp13.phx.gbl...
> My favourite analogy is to note that the "From" header is as reliable as
> the "From" address on a physical envelope in postal mail.

Yes, it's a good analogy. When compared to postal mail, I find it rather
interesting to see how widespread false From addresses have become.

Top

Re: SPAM from "myself" to myself by Alun

Alun
Fri Nov 05 15:20:19 CST 2004

"Lionel Fourquaux" <use-reply-to@no-spam.invalid> wrote in message
news:%23rODSl2wEHA.1512@TK2MSFTNGP12.phx.gbl...
> "Alun Jones [MSFT]" <alunj@online.microsoft.com> a écrit dans le message
> de news: efKVwuowEHA.2908@tk2msftngp13.phx.gbl...
>> My favourite analogy is to note that the "From" header is as reliable as
>> the "From" address on a physical envelope in postal mail.
>
> Yes, it's a good analogy. When compared to postal mail, I find it rather
> interesting to see how widespread false From addresses have become.

Consider the number of postal mail fraud laws, and the corresponding absence
of any such laws for email...

[Note: I am not a lawyer, your laws may be different to my laws, and even my
laws may be different from what I imagine they ought to be]

Alun.
~~~~



Top