Reply Address Masking does not seem to work

Posted: Sun Oct 19, 2003 12:48 pm
by Guest
I tested it out (Reply Address Masking enabled) but still received the answer from the unmasked original (= forwarded) address.

Posted: Mon Oct 20, 2003 12:57 pm
by Aaron
I agree, it's not really working. Unless the guy is really inexperienced, your real address is there for all to see.

Works for me

Posted: Mon Oct 20, 2003 3:23 pm
by SysKoll
How did you test this? The masking works for me.

Here is what I did:
* I have enabled the "Reply Address Masking" and sent a message from an email address A to my spamgourmet account forwarding to address B.
* I received the email on mailbox B and replied.
* The reply was received on A and I checked the content: it didn't show any trace of forwarding address B.

The only way you can mess it up is if your mail client automatically inserts your forwarding address in the header.

Please repeat the test described above and if you get a different result, let me know and give me a copy of the full headers of the reply.

Posted: Fri Oct 24, 2003 12:56 am
by Kent
The real email address is still getting through :oops: . When you look at the message Properties for the email that gets sent back to A with Reply Address Masking enabled, it appears as follows near the bottom:
.
.
.
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Disposition-Notification-To: "My Real Name" <My_Real_Email_Address>@domain.ca>
x-mimeole: Produced By Microsoft MimeOLE V6.00.2800.1165
Return-Path: jqh1@gourmet.spamgourmet.com

So the field that is revealing the true email address is Disposition-Notification-To:. This was using OE 6.0. I'm not sure how the other email programs handle it (i.e., Outlook, Netscape Messenger, etc.).

Thanks,

Kent

Cannot blame OE for once

Posted: Fri Oct 24, 2003 3:14 am
by SysKoll
For once, we cannot blame Outlook Express (although you should seriously think about replacing this with Pegasus Mail or Netscape Messenger, considering the very serious unpatched vulnerabilities in OE).

The "Disposition-Notification-To:" field is authorized by RFC 2298. Not much we can do about it.

We are thinking about implementing some kind of censorship that would remove your forwarding address from your replies. We're not there yet. Right now, if you don't want that "Disposition-Notification-To:" field to be there, you have to use a different email client. I suggest trying Mozilla (www.mozilla.org) and using its Mail and Newsgroup component.

Re: Works for me

Posted: Sat Oct 25, 2003 5:22 pm
by Guest
SysKoll wrote:
How did you test this? The masking works for me.

Here is what I did:
* I have enabled the "Reply Address Masking" and sent a message from an email address A to my spamgourmet account forwarding to address B.
* I received the email on mailbox B and replied.
* The reply was received on A and I checked the content: it didn't show any trace of forwarding address B.

Let's say I sent a test email from B to example.20.example@spamgourmet.com which sends it to A.

Which address are you supposed to reply to? Are you supposed to reply to the address in the "To" field or the "From" field?

I tried replying to the address in the "From" field, but that doesn't mask your real email???

Posted: Sat Oct 25, 2003 7:36 pm
by SysKoll
Let's say I sent a test email from B to example.20.example@spamgourmet.com which sends it to A .

Which address are you supposed to reply to? Are you supposed to reply to the address in the "To" field or the "From" field?


If your "example" SG account has address masking enabled, it will mask your account.

In your scenario, correspondent B sends an email to your SG account which forwards it to your forwarding address A. At this stage, examine the email received on A. Its "From" field contains something like "+word+username+code.addressofB@spamgourmet.com". If you reply, the reply goes back to that SG address (+word+ etc.). SG sees in this address all the info it needs to forward the reply back to B. B should have your example.20.example@spamgourmet.com SG address in the "from" field.

Posted: Sun Oct 26, 2003 7:03 am
by josh
I had things cracked open so I added

Disposition-Notification-To:

to the list of checked headers. Hopefully, the problem is fixed for that one.

Posted: Sun Oct 26, 2003 1:09 pm
by Aaron
SysKoll wrote:
Let's say I sent a test email from B to example.20.example@spamgourmet.com which sends it to A .

Which address are you supposed to reply to? Are you supposed to reply to the address in the "To" field or the "From" field?


If your "example" SG account has address masking enabled, it will mask your account.

In your scenario, correspondent B sends an email to your SG account which forwards it to your forwarding address A. At this stage, examine the email received on A. Its "From" field contains something like "+word+username+code.addressofB@spamgourmet.com". If you reply, the reply goes back to that SG address (+word+ etc.). SG sees in this address all the info it needs to forward the reply back to B. B should have your example.20.example@spamgourmet.com SG address in the "from" field.


Yes, so I gathered, but when I looked at the headers, it still states my original mail server and my connection to the mail server (my IP address). So looking at the raw headers I can see it was forwarded through spam gourmet.

Raw headers

Posted: Sun Oct 26, 2003 3:35 pm
by SysKoll
Aaron,

Which headers are we talking about? Received? Others? Please be more specific.

dfsds

Posted: Sun Oct 26, 2003 5:55 pm
by Aaron
Yes, something like this.

Received from bah bah spamgourmet

Received from blah blah my mailserver

Received from [My ip] blah blah

Posted: Sun Oct 26, 2003 7:12 pm
by josh
If you have reply address masking enabled, the whole process should be transparent to you. You reply to the from or the reply to address -- whichever you'd normally reply to.

What will happen: your message will pass through spamgourmet on its way back to the original sender. When it does, the disposable address that the sender sent to will replace any instances of your real address in the From:, Reply-To: and related headers. (currently, Return-Path: From: Sender: X-Sender: X-Sent-From Disposition-Notification-To: Reply-To:)
The spamgourmet tagline at the end of the Subject line will also be removed (e.g., (word: message 1 of 4))

What won't happen: If your real address appears in any non-standard headers (other than the ones mentioned above) or in the Subject or body of the message, it will remain in place. We do have a remedy for this on the to-do list. Also, the system will not remove the headers in the message that indicate your IP address and the mail server that you used to send the message initially. Removing these wouldn't do much to improve spam protection, and could actually be construed as unlawful, given the language of some recent spam related bills and laws (definitely not contrary to the spirit of the legislation, but perhaps to the letter). From our perspective, it's also absolutely necessary for abuse prevention -- a subject that consumes 80% of our discussions in the developer forum :)
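
The behaviour described in the post above, as an added example that is not part of the thread and not Spamgourmet's own code: it rewrites only the listed headers, strips the Subject tagline, then reports where the real address still survives. The sample message, the address real@example.net, the tagline pattern and the X-Custom-Origin header are constructed assumptions.

```python
import email
import re

# Headers josh's post lists as rewritten by reply address masking.
MASKED = {"return-path", "from", "sender", "x-sender", "x-sent-from",
          "disposition-notification-to", "reply-to"}
# Assumed tagline shape, modelled on the post's "(word: message 1 of 4)".
TAGLINE = re.compile(r"\s*\([^():]+: message \d+ of \d+\)\s*$")

# Constructed sample reply; X-Custom-Origin is a hypothetical non-standard header.
SAMPLE = """\
Received: from [192.0.2.10] by mail.example.net; Sun, 26 Oct 2003 12:00:00 -0500
From: "Real Name" <real@example.net>
Reply-To: real@example.net
Disposition-Notification-To: "Real Name" <real@example.net>
X-Custom-Origin: real@example.net
Subject: Re: hello (word: message 1 of 4)

Reach me directly at real@example.net
"""

def mask_reply(raw, real, disposable):
    """Rewrite only the listed headers and drop the Subject tagline."""
    msg = email.message_from_string(raw)
    pattern = re.compile(re.escape(real), re.IGNORECASE)
    headers = msg.items()              # snapshot, keeps original order
    for name in set(msg.keys()):
        del msg[name]
    for name, value in headers:
        if name.lower() in MASKED:
            value = pattern.sub(disposable, value)
        elif name.lower() == "subject":
            value = TAGLINE.sub("", value)
        msg[name] = value              # Received and unknown headers pass through
    return msg

def remaining_leaks(msg, real):
    """List where the real address survives (undecoded text parts only)."""
    real = real.lower()
    found = [name for name, value in msg.items() if real in value.lower()]
    for part in msg.walk():
        payload = part.get_payload()
        if isinstance(payload, str) and real in payload.lower():
            found.append("body")
            break
    return found

if __name__ == "__main__":
    masked = mask_reply(SAMPLE, "real@example.net", "example.20.example@spamgourmet.com")
    print(masked["From"], "|", remaining_leaks(masked, "real@example.net"))
```

Running the same leak check over the full headers of a real test reply shows which fields a mail client adds beyond the masked list.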

Posted: Mon Oct 27, 2003 12:08 pm
by Guest
josh wrote:
If you have reply address masking enabled, the whole process should be transparent to you. You reply to the from or the reply to address -- whichever you'd normally reply to.


What won't happen: If your real address appears in any non-standard headers (other than the ones mentioned above) or in the Subject or body of the message, it will remain in place. We do have a remedy for this on the to-do list. Also, the system will not remove the headers in the message that indicate your IP address and the mail server that you used to send the message initially. Removing these wouldn't do much to improve spam protection, and could actually be construed as unlawful, given the language of some recent spam related bills and laws (definitely not contrary to the spirit of the legislation, but perhaps to the letter). From our perspective, it's also absolutely necessary for abuse prevention -- a subject that consumes 80% of our discussions in the developer forum :)


Okay, still I wonder what is the point of all this email address masking if the target can still see what the real email server is.

Posted: Tue Oct 28, 2003 5:22 pm
by josh
Spamgourmet's goal is to protect you from spammers, not to "anonymize" you, although it does have the effect of doing that to a reasonable degree.

When you get a chance, do a web search for "anonymous remailers", if you're not already familiar with them.