[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication and email

To: wgchairs@ietf.org
Subject: Re: Authentication and email
From: David Mitton <david@mitton.com>
Date: Thu, 30 Jan 2003 09:16:23 -0500
In-reply-to: <6C0816A4-32A4-11D7-BA74-00039357A82A@extremenetworks.com>
References: <20030127234908.T3196-100000@oak.packetdesign.com>

On 1/28/2003 04:39 AM -0500, RJ Atkinson wrote:

On Mon, 27 Jan 2003, Harald Tveit Alvestrand wrote:

checking:

were those SPAM mails, or were those VIRUS mails?
we know that this has been a problem with virii, but so far, I haven't
seen
spammers using this deliberately.

Harald,

There definitely have been many non-virus spam messages sent out using
forgeries of one of my email addresses as the claimed source in the
From: line of the mail headers.  I have also seen non-virus spam
forgeries
using other IETF folks' mail address as the alleged source in the
From: line.

It is pretty clear that at least one spammer is using online archives
of IETF mailing lists as a place to grab From: information for their
header forgeries.  Sigh.

Ran

I'll point out that mailing list archives is just one place.

The RFCs and Drafts themselves also expose your email addresses in the Authors sections.

Dave.
---
Yes, it's happened to me too.

References:
- Re: Authentication and email
  - From: Stephen Casner <casner@acm.org>
- Re: Authentication and email
  - From: RJ Atkinson <rja@extremenetworks.com>

Prev by Date: Re: [iesg-secretary #5130] new versions coming - Re: It's time...
Next by Date: DDoS RID
Previous by thread: Re: Authentication and email
Next by thread: Re: Authentication and email
Index(es):
- Date
- Thread