Reply Address Masking doesnot seem to work

General discussion re sg.

Reply Address Masking doesnot seem to work

Postby Guest » Sun Oct 19, 2003 12:48 pm

I tested it (Reply Address Masking enabled) out but still received the answer from the not masked original (=forwarded) address.
Guest
 

Postby Aaron » Mon Oct 20, 2003 12:57 pm

I agree , it's not really working , unless the guy is really inexperienced, your real address is there for all to see
Aaron
 

Works for me

Postby SysKoll » Mon Oct 20, 2003 3:23 pm

How did you test this? The masking works for me.

Here is what I did:
*I have enabled the "Reply Address Masking" and sent a message from a email address A to my spamgourmet account forwarding to address B.
*I received the email on mailbox B and replied.
*The reply was received on A and I checked the content: it didn't show any trace of forwarding address B.

The only way you can mess it up is if your mail client automatically insert your forwarding address in the header.

Please repeat the test described above and if you get a different result, let me know and give me a copy of the full headers of the reply.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby Kent » Fri Oct 24, 2003 12:56 am

The real email address is still getting through :oops: . When you look at the message Properties for the email that gets sent back to A with Reply Address Masking enabled, it appears as follows near the bottom:
.
.
.
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Disposition-Notification-To: "My Real Name" <My_Real_Email_Address>@domain.ca>
x-mimeole: Produced By Microsoft MimeOLE V6.00.2800.1165
Return-Path: jqh1@gourmet.spamgourmet.com

So the field that is revealing the true email address is Disposition-Notification-To:. This was using OE 6.0. I'm not sure how the other email programs handle it (ie. Outlook, Netscape Messenger, etc.).

Thanks,

Kent
Kent
 
Posts: 1
Joined: Fri Oct 24, 2003 12:44 am

Cannot blame OE for once

Postby SysKoll » Fri Oct 24, 2003 3:14 am

For once, we cannot blame Outlook Express (although you should seriously think about replacing this with Pegasus Mail or Netscape Messenger, considering the very serious unpatched vulnerabilities in OE).

The "Disposition-Notification-To:" field is authorized by RFC 2298. Not much we can do about it.

We are thinking about implementing some kind of censorship that would remove your forwarding address from your replies. We're not there yet. Right now, if you don't want that "Disposition-Notification-To:" field to be there, you have to use a different email client. I suggest to try mozilla (www.mozilla.org) and to use its Mail and Newsgroup component.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Re: Works for me

Postby Guest » Sat Oct 25, 2003 5:22 pm

SysKoll wrote:How did you test this? The masking works for me.

Here is what I did:
*I have enabled the "Reply Address Masking" and sent a message from a email address A to my spamgourmet account forwarding to address B.
*I received the email on mailbox B and replied.
*The reply was received on A and I checked the content: it didn't show any trace of forwarding address B.
.



Let's say I sent a test email from B to example.20.example@spamgourmet.com which sends it to A .

Which address are you supposed to reply to? Are you supposed to reply to the address in the "To" field or the "From" field?


I tried replying to the address in the "From" field, but That doesnt mask your real email ???
Guest
 

Postby SysKoll » Sat Oct 25, 2003 7:36 pm

Let's say I sent a test email from B to example.20.example@spamgourmet.com which sends it to A .

Which address are you supposed to reply to? Are you supposed to reply to the address in the "To" field or the "From" field?


If your "example" SG account has address masking enabled, it will mask your account.

In your scenario, correspondant B sends an email to your SG account which forwards it to your forwarding address A. At this stage, examine the email received on A. Its "From" field contains something like "+word+username+code.addressofB@spamgourmet.com". If you reply, the reply goes back to that SG address (+word+ etc.). SG sees in this address all the info it needs to forward the reply back to B. B should have your example.20.example@spamgourmet.com SG address in the "from" field.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

Postby josh » Sun Oct 26, 2003 7:03 am

I had things cracked open so I added

Disposition-Notification-To:

to the list of checked headers. Hopefully, the problem is fixed for that one.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby Aaron » Sun Oct 26, 2003 1:09 pm

SysKoll wrote:
Let's say I sent a test email from B to example.20.example@spamgourmet.com which sends it to A .

Which address are you supposed to reply to? Are you supposed to reply to the address in the "To" field or the "From" field?


If your "example" SG account has address masking enabled, it will mask your account.

In your scenario, correspondant B sends an email to your SG account which forwards it to your forwarding address A. At this stage, examine the email received on A. Its "From" field contains something like "+word+username+code.addressofB@spamgourmet.com". If you reply, the reply goes back to that SG address (+word+ etc.). SG sees in this address all the info it needs to forward the reply back to B. B should have your example.20.example@spamgourmet.com SG address in the "from" field.


Yes, so I gathered, but when i looked at the headers, it still states my original mail server and my connection to the mail server (my ip address). So looking at the raw headers I can see it was forwarded through spam gourmet.
Aaron
 

Raw headers

Postby SysKoll » Sun Oct 26, 2003 3:35 pm

Aaron,

Which headers are we talking about? Received? Others? Please be more specific.
-- SysKoll
SysKoll
 
Posts: 893
Joined: Thu Aug 28, 2003 9:24 pm

dfsds

Postby Aaron » Sun Oct 26, 2003 5:55 pm

Yes something like this.


Received from bah bah spamgourmet

REceived from blah blah my mailserver


Recevied from [My ip] blah blah
Aaron
 

Postby josh » Sun Oct 26, 2003 7:12 pm

If you have reply address masking enabled, the whole process should be transparent to you. You reply to the from or the reply to address -- whichever you'd normally reply to.

What will happen: your message will pass through spamgourmet on its way back to the original sender. When it does, the disposable address that the sender sent to will replace any instances of your real address in the From:, Reply-To: and related headers. (currently, Return-Path: From: Sender: X-Sender: X-Sent-From Disposition-Notification-To: Reply-To:)
The spamgourmet tagline at the end of the Subject line will also be removed (eg, (word: message 1 of 4))

What won't happen: If your real address appears in any non-standard headers (other than the ones mentioned above) or in the Subject or body of the message, it will remain in place. We do have a remedy for this on the to-do list. Also, the system will not remove the headers in the message that indicate your IP address and the the mail server that you used to send the message initially. Removing these wouldn't do much to improve spam protection, and could actually be construed as unlawful, given the language of some recent spam related bills and laws (definitely not contrary to the spirit of the legislation, but perhaps to the letter). From our perspective, it's also absolutely necessary for abuse prevention -- a subject that consumes 80% of our discussions in the developer forum :)
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby Guest » Mon Oct 27, 2003 12:08 pm

josh wrote:If you have reply address masking enabled, the whole process should be transparent to you. You reply to the from or the reply to address -- whichever you'd normally reply to.


What won't happen: If your real address appears in any non-standard headers (other than the ones mentioned above) or in the Subject or body of the message, it will remain in place. We do have a remedy for this on the to-do list. Also, the system will not remove the headers in the message that indicate your IP address and the the mail server that you used to send the message initially. Removing these wouldn't do much to improve spam protection, and could actually be construed as unlawful, given the language of some recent spam related bills and laws (definitely not contrary to the spirit of the legislation, but perhaps to the letter). From our perspective, it's also absolutely necessary for abuse prevention -- a subject that consumes 80% of our discussions in the developer forum :)


Okay, still I wonder what is the point of all this email address masking if the target can still see what the real email server is.
Guest
 

Postby josh » Tue Oct 28, 2003 5:22 pm

Spamgourmet's goal is to protect you from spammers, not to "anonymize" you, although it does have the effect of doing that to a reasonable degree.

When you get a chance, do a web search for "anonymous remailers", if you're not already familiar with them.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 18 guests

cron