Phishing mails coming from my own spamgourmet addresses


Phishing mails coming from my own spamgourmet addresses

Post by Marco2G » Mon Dec 03, 2018 6:12 pm

Hi everyone

I have been receiving a regular dose of phishing emails lately (the ones where they say they hacked my email account, then infected my OS and want to be sending all my porn history to my family and friends... you know, the usual).

Now the interesting thing is they seem to be coming from my very own disposable spamgourmet addresses.

Is it that trivial to send an email impersonating spamgourmet servers or what am I not understanding here?

I mean I could remove spamgourmet.com from my trusted senders but that seems problematic :).

Thanks a lot for any help.

Regards,

Marco
Marco2G
 
Posts: 7
Joined: Wed Jun 07, 2017 8:33 am

Re: Phishing mails coming from my own spamgourmet addresses

Post by ndvkroby » Wed Dec 05, 2018 9:50 pm

It is trivial to fake the sender:

S: 220 smtp.example.com ESMTP Postfix
C: HELO relay.example.com
S: 250 smtp.example.com, I am glad to meet you
C: MAIL FROM:<bob@example.com>
S: 250 Ok


( - from https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol)

What isn't as easy is faking the sending IP, which you can see in the message header:

Received: from gourmet8.spamgourmet.com (gourmet.spamgourmet.com [216.75.62.102])
by [my isp] ([xxx]) with ESMTP id [xxx]
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
for <[my protected address]>; Fri, 30 Nov 2018 [time]


And it's even harder if your email provider does some sort of domain-ip checking or other types of authentication.

But you can send almost anything in the MAIL FROM SMTP command.
ndvkroby
 
Posts: 9
Joined: Mon Sep 08, 2008 4:47 am
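
The header check described in the reply above, as an added example that is not part of the original posts: it reads the top-most Received header and compares the connecting IP with the networks you expect the From domain to deliver from. The sample messages, the example.com / myisp.example names, the documentation-range addresses and the EXPECTED_NETS table are constructed assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# "from <HELO name> (<reverse-DNS name> [<IP>])" as written by the receiving server.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")

# Assumption: networks each sender domain is expected to deliver from (constructed).
EXPECTED_NETS = {"example.com": [ipaddress.ip_network("192.0.2.0/24")]}

# Constructed sample messages; addresses come from the documentation ranges.
GENUINE = (
    "Received: from mail.example.com (mail.example.com [192.0.2.25])\n"
    "\tby mx.myisp.example with ESMTP id abc123\n"
    "\tfor <me@myisp.example>; Fri, 30 Nov 2018 10:00:00 +0000\n"
    "From: bob@example.com\n"
    "Subject: hello\n\nbody\n"
)
# Same HELO name and From address, but a different connecting IP.
SPOOFED = GENUINE.replace("(mail.example.com [192.0.2.25])", "(unknown [198.51.100.77])")


def connecting_hop(raw):
    """Return (from_domain, helo_name, ip) from the top-most Received header.

    Only that header is written by the receiving server; the sender controls
    the HELO name, the From address and any Received headers below it.
    """
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = msg.get_all("Received") or []
    match = HOP_RE.search(" ".join(hops[0].split())) if hops else None
    if not match:
        return domain, None, None
    try:
        return domain, match.group(1), ipaddress.ip_address(match.group(3))
    except ValueError:  # bracketed text that is not a valid address
        return domain, match.group(1), None


def verdict(raw):
    """'match', 'mismatch', or 'unknown' when there is nothing to compare."""
    domain, _helo, ip = connecting_hop(raw)
    nets = EXPECTED_NETS.get(domain)
    if ip is None or nets is None:
        return "unknown"
    return "match" if any(ip in net for net in nets) else "mismatch"
```
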

