bbs.spamgourmet.com

[Guest]

Hi SG group

info to use in example
real email addres= realmail@operamail.com
recepient address=recipient@hotmail.com
sg user name=123456
reply address masking: enabled
I want to know if I am using my disposable adress right
ex:
the TO field should be this +word+123456+sgcode.recipient#hotmail.c ... ourmet.com

but the header that the recepient receive always shows the sending address account

if I send from my account through outlook in the recepient header would show "Received: from realmail@operamail.com"

if I send through webmail account in the recepient header would show "X-originating address: realmail@operamail.com"

no matter which account I use, example, from yahoomail to operamail, or operamail to hotmail account or what ever combination it will always show my account that I used to send the email in the header of the recepient mail account
while respecting the TO field and putting the following email address"+word+123456+sgcode.recipient#hotmail.com@spamgourmet.com"



Is that normail ?
if not what is the right way to do it
if yes it is normal, then what the idea to iniciate an email conversation with a disposable sg email account when anybody could get the originating email address ?

[josh]

you're probably doing it right. We *try* to get rid of all occurrences - we hit all the standard headers and several non-standard ones (X- headers are all non-standard), but someone's always coming up with a non-standard header that we don't cover. We generally add them, but we'll never get them all.

Currently, the code doesn't search the message for occurrences of the forwarding address and replace all of them - we'll get that in an upcoming version. Even that won't guarantee things, because your email program may be using a "real" address other than your forwarding address. Anyway, these are some of the things that classify us as a spam protection service and not an anonymizing service (do a web search for "anonymous remailer" if you're interested in sending truly anonymous email).

[josh]

I was thinking about it, and I went ahead and did the upgrade to search for the forwarding address (didn't seem like such a big deal all of a sudden). So, assuming that your mail program is using your forwarding address as the from address, try your test again, and it may come out differently.

[Guest]

Hi Josh
In this header you will see what I mean
I sended from my opera webmail account=sender@operamail.com
to my recepient@hotmail.com

so, in the operamail TO fields I would put this address

+word+sgusername+sgcode.recepient#hotma ... ourmet.com

and send it
when I go to my recepient@hotmail.com mail account I will get this header


MIME-Version: 1.0
X-Originating-IP: my ip addresss
Received: from gourmet.spamgourmet.com ([216.218.230.146]) by mc6-f2.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 29 Jul 2004 13:24:37 -0700
Received: from gourmet.spamgourmet.com (localhost [127.0.0.1])by localhost (8.12.10/8.12.9) with ESMTP id i6TKiCmp025396for <recepient@hotmail.com>; Thu, 29 Jul 2004 13:44:12 -0700
Received: (from jqh1@localhost)by gourmet.spamgourmet.com (8.12.10/8.12.10/Submit) id i6TKiCin025395for recepient@hotmail.com; Thu, 29 Jul 2004 13:44:12 -0700
Received: from webmail-outgoing.us4.outblaze.com (webmail-outgoing.us4.outblaze.com [205.158.62.67])by gourmet.spamgourmet.com (8.12.10/8.12.9) with ESMTP id i6TKiBmp025360for <+word+sgusername+sgcode.recepient#hotmail.com@spamgourmet.com>; Thu, 29 Jul 2004 13:44:11 -0700
Received: from wfilter.us4.outblaze.com (wfilter.us4.outblaze.com [205.158.62.180])by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id 745A0180180Cfor <+word+sgusername+sgcode.recepient#hotmail.com@spamgourmet.com>; Thu, 29 Jul 2004 20:24:31 +0000 (GMT)
Received: by ws5-6.us4.outblaze.com (Postfix, from userid 1001)id E56FE21B32F; Thu, 29 Jul 2004 20:24:28 +0000 (GMT)
Received: from [my ip addresss] by ws5-6.us4.outblaze.com with http for sender@operamail.com; Thu, 29 Jul 2004 15:24:26 -0500
X-Message-Info: JGTYoYF78jGDcrBcz26mOFG9wDXduaLR
X-OB-Received: from unknown (205.158.62.148) by wfilter.us4.outblaze.com; 29 Jul 2004 20:22:14 -0000
X-Mailer: MIME-tools 5.41 (Entity 5.404)
X-Originating-Server: ws5-6.us4.outblaze.com
Message-Id: <20040729202428.E56FE21B32F@ws5-6.us4.outblaze.com>
Return-Path: jqh1@gourmet.spamgourmet.com
X-OriginalArrivalTime: 29 Jul 2004 20:24:37.0374 (UTC) FILETIME=[119F01E0:01C475AA]



here you see my sender@opermail.com address, now my SG forwading email address is none of these 2 addresses
1-recepient@hotmail.com neither
2-sender@opermail.com
my forwarding email in SG account is "forwarding@mac.com" but I thing that this email should not be in the equation in this case.

and as You suggested I tried it again and the header is till show originating sender@operamail.com



this header is from hotmail account to operamail account

From: disposable@recursor.net
To: recipient@operamail.com
Cc:
Subject: from hotmail to operamail
Date: Thu, 29 Jul 2004 20:56:59 +0000
Return-Path: <jqh1@gourmet.spamgourmet.com>
Delivered-To: recepient:operamail.com@operamail.com
Received: (qmail 5529 invoked by uid 0); 29 Jul 2004 20:57:05 -0000
X-Ob-Received: from unknown (205.158.62.137)by mta45-2.us4.outblaze.com; 29 Jul 2004 20:57:05 -0000
Received: from gourmet.spamgourmet.com (gourmet.spamgourmet.com [216.218.230.146])by spf5-4.us4.outblaze.com (Postfix) with ESMTP id 8605C533D5for <recepient@operamail.com>; Thu, 29 Jul 2004 20:54:27 +0000 (GMT)
Received: from gourmet.spamgourmet.com (localhost [127.0.0.1])by localhost (8.12.10/8.12.9) with ESMTP id i6TLGemp009335for <recepient@operamail.com>; Thu, 29 Jul 2004 14:16:40 -0700
Received: (from jqh1@localhost)by gourmet.spamgourmet.com (8.12.10/8.12.10/Submit) id i6TLGe3V009334for recepient@operamail.com; Thu, 29 Jul 2004 14:16:40 -0700
Received: from hotmail.com (bay22-f33.bay22.hotmail.com [my ip address])by gourmet.spamgourmet.com (8.12.10/8.12.9) with ESMTP id i6TLGdmp009281for <+word+sgusername+sgcode.recepient#operamail.com@spamgourmet.com>; Thu, 29 Jul 2004 14:16:39 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;Thu, 29 Jul 2004 13:56:59 -0700
Received: from 67.68.223.21 by by22fd.bay22.hotmail.msn.com with HTTP;Thu, 29 Jul 2004 20:56:59 GMT
X-Originating-Ip: [my ip address]
X-Originating-Email: [sender@hotmail.com]
X-Sender: disposable@recursor.net
Mime-Version: 1.0
Content-Type: text/html
Message-Id: <BAY22-F336umLrXWq0G00056e53@hotmail.com>
X-Originalarrivaltime: 29 Jul 2004 20:56:59.0352 (UTC) FILETIME=[97215580:01C475AE]

there are a bit different when I use each account but both shows sender email no matter which account I use, even after you changed the code on the server as you suggested.
Thanx

[josh]

I'm still parsing through what you posted -- both of those are from spamgourmet address to a 3rd party account?

Here are the headers we change explicitly:

$message =~ s/(^Return-Path\: ).*$/$1 $sender/mi;
$message =~ s/(^From\: ).*$/$1 $sender/mi;
$message =~ s/(^Sender\: ).*$/$1 $sender/mi;
$message =~ s/(^X-Sender\:).*$/$1 $sender/mi;
$message =~ s/(^X-Sent-From\:).*$/$1 $sender/mi;
$message =~ s/(^Disposition-Notification-To:).*$/$1 $sender/mi;
$message =~ s/(^Reply-To\: ).*$/$1 $replyto/mi;

(the X- headers are non-standard (the smilies are caused by the bbs). We had the understanding that all the standard headers are covered).

Beyond that, we're scanning the entire message for instances of the account's forwarding address now, and replacing them with the disposable address.

Beyond that, it gets tough (aside from adding a new header or two for explicit checking). The only address we know is yours is the one that's used for the account - if we go beyond that, we risk screwing up other recipients, or just arbitrarily changing the text of a message (eg, "contact my employer at boss@example.com" becomes "contact my employer at <mydisposableaddress>").

One thing that's throwing me from your headers is that you said your forwarding address is @mac.com -- how do the messages get to hotmail? Does mac.com forward them again?

The header that says "Received: from [my ip addresss] by ws5-6.us4.outblaze.com with http for sender@operamail.com; " is throwing me, too, because isn't the message heading to (and is therefore "for" the hotmail address? I've never seen anything like that one.

Tracing the received lines, it's web browser -> outblaze1 for sender@operamail.com (which is *wrong*); outblaze1 -> outblaze2 (sort of) for +..+..#..@sg (which is right); outblaze2 -> sg1 for +..+..#..@sg; sg1 -> sg2 for @hotmail; sg2 -> hotmail --- not sure what to make of that first hand-off, and I don't see mac.com anywhere.

In the second set of headers, X-Orginating-Email is a non-standard header (that we don't check), and since the hotmail account is not the sg forwarding address, we have no way to peg it. We can add the header to list of checked headers, and that'll solve *this* problem. Realize, of course, that it's an uphill battle because there are so many different types of mail servers (and mail server configurations) that use custom headers.

In all this, you've got to assess the likelihood that those headers will land your address in the hands of a spammer

[josh]

doh! try it again. The code now subs out for the "From:" address

[Guest]

I know what is happening Josh

my forwarding email for my SG account is forwarding@mac.com
but I do not use it to send my emails, I will only get the forwarded emails when I give out addresses, these emails will be forwarded to forwarding@mac.com, which is my SG forwarding email address.

now this is clear.

Now imagine that I create a disposable address for this recepient
recipient@hotmail.com, and SG will create this disposable email address for me
+word+sgusername+sgcode.recipient#hotma ... ourmet.com
and say I will give this address +word+sgusername+sgcode.recipient#hotma ... ourmet.com
to my friend who do not have any SG account, and his email account is
sender@operamail.com, so he open his browser to webmail and send an email to this address
+word+sgusername+sgcode.recipient#hotma ... ourmet.com
then his address which is sender@opermail.com will definetly show in the recepient@hotmail.com header,
I guess this is the problem, because "you assumed or I did not explain correctly" that I am NOT sending the disposable address from my SG forwarding account forwarding@mac.com, but where in reality I am sending this address +word+123456+sgcode.recipient#hotmail.c ... ourmet.com
from a third party account which does not have anything with SG account, the sender@operamail.com is a third party account, which in a way it is my friend account who do not have anything to do with SG.

conclucion,
I can only be protected from seing my original sender email account if this condition is true

sender email account=forwarding email account

which in my case they were not

Is this conclusion is right ?

Thanx Josh

[Guest]

Josh you are a GENIUS

last try I did result are the way I thought it should be
thank you

just an explanation if you don't mind

forwarding email = forwarding@mac.com
sender email = third party account = sender@hotmail.com, sender@yahoo.com, sender@operamail.com
now I can initiate a conversation from any third party address
it does not have to be equal to forwarding address
sender@hotmail.com does not have to be equal forwarding@mac.com
even you can send from sender@hotmail.com, sender@yahoo.com, sender@operamail.com which all these addreses are not equals to forwarding@mac.com, and still recepient will get in the FROM field disposable@spamgourmet.com, and in the headers disposable@spamgourmet.com, which is the way it should be, cause that was the idea, is to hide your real email address.


Thank you Josh