bbs.spamgourmet.com

[ohthetrees]

Hello. I have a spamgourmet email address with 0 messages remaining. However one of my trusted senders is spamgourmet.com. I just got an email to that disposable address claiming to be from spamgourmet.com, with some sort of executable attatched. Obviously it wasn't really from spamgourmet, but perhaps was a spoofed header. My question is how did spamgourmet's own servers get fooled by a spoofed header claiming to be from spamgourmet? It seems to me that their servers should reject incoming messages claiming to be from spamgourmet.com. Below is the header. I have changed my identifying information.
Thanks in advance, Cedar




From: +webmaster+spamhandle+b923ff6203.webmas ... ourmet.com
Subject: Account Alert (spamgourmet.com: trusted sender for your account)
Date: June 3, 2005 9:45:40 AM PDT
To: webmaster.3.spamhandle@spamgourmet.com
Return-Path: <+webmaster+spamhandle+b923ff6203.webmaster#spamgourmet.com@spamgourmet.com>
X-Original-To: real_address@example.com
Delivered-To: real_address@example.com
Received: from gourmet.spamgourmet.com (gourmet.spamgourmet.com [216.218.230.146]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by linus.example.com (Postfix) with ESMTP id 254231FCE83 for <real_address@example.com>; Fri, 3 Jun 2005 09:46:08 -0700 (PDT)
Received: from gourmet.spamgourmet.com (localhost [127.0.0.1]) by gourmet.spamgourmet.com (8.12.11/8.12.11) with ESMTP id j53Gk16Z028462 for <real_address@example.com>; Fri, 3 Jun 2005 09:46:01 -0700
Received: (from jqh1@localhost) by gourmet.spamgourmet.com (8.12.11/8.12.11/Submit) id j53Gk0bl028460 for real_address@example.com; Fri, 3 Jun 2005 09:46:00 -0700
Received: from spamgourmet.com (sj-ez-63-96-163-139.bea.com [63.96.163.139] (may be forged)) by gourmet.spamgourmet.com (8.12.11/8.12.11) with ESMTP id j53Gjxbx028431 for <webmaster.3.spamhandle@spamgourmet.com>; Fri, 3 Jun 2005 09:45:59 -0700
Message-Id: <200506031645.j53Gjxbx028431@gourmet.spamgourmet.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0009_226576A9.6661CC11"
X-Priority: 3
X-Msmail-Priority: Normal

We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

[SysKoll]

We don't check for this case, that's true. Mostly because we didn't see that kind of problem too often so far.

[wshealy]

I got one too but it got blocked because I never considered adding you to my trusted sender list. I figured if you needed to get me you have my actual email address. Mine came from admin@recursor.net.

[josh]

just out of curiosity, why would you have spamgourmet.com as a trusted sender?

[Guest]

I have spamgourmet as a trusted sender because I have a couple of webapps (like a blog and gallery) set up that automatically email myself and others when new comments or content are added. The "sender" of these commments is something like "webmaster.3.spamhandle@example.com". By designating spamgourmet as a trusted sender, when I get an email from one of my own webapps, it doesn't reduce the number of remaining messages with that email address.