how can people send mail using other people's domain names

email addresses using others' domains

         

macneil

3:56 am on Mar 8, 2003 (gmt 0)

10+ Year Member



I got a scam email the other day. It said it came from Paypal and they need my credit card number & exp date etc to update their records. I know it's a scam so no biggie but the email came from info@paypal.com and when you hit reply it shows it's going to info@paypal.com. How is this done? Is there something I am not seeing? The reason I ask is a competitor has sent me several viruses in emails but he has also sent some to others and made it look like they came from me. How is it that people can send people emails with my return address on them? Thank you

korkus2000

4:01 am on Mar 8, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In most email programs you can set the email address. That's why you get a lot of email that cannot be replied to by spammers. You are also looking at reduced headers. You can turn on full headers and get a better idea of where these are originating from. I had a spammer use abuse@mydomain.com so they sent replies back to my ISP.

dingman

11:13 pm on Mar 8, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The "to", "from", "cc" and "subject" headers are all meaningless. You can tell any SMTP mail server to put any text you choose in any of those fields, and it will. They don't have to have anything to do with where you actually send the message. Most people are honest in the "from" line, but there's no reason you even have to include one, much less have it be true.

macneil

12:11 am on Mar 9, 2003 (gmt 0)

10+ Year Member



Very helpful replies. Thank you.

Crazy_Fool

1:09 am on Mar 9, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



it might not be the competitor sending the virus. most likely it's that someone with the klez virus has visited both your site and the competitor's site and it is that person sending the viruses.

klez spoofs the from address to be any email address on that person's computer, including any email addresses stored in text files or cached copies of web pages in temporary internet files folder.

search on symantec.com for klez to find the cure.

because klez spoofs the from address, it's difficult to trace the person whose computer is affected. check the full headers of infected mails to see which ISP the emails were sent from. check the full headers of all incoming email over the last few months (eudora lets you search the headers, don't know if outlook does as well) for the same ISP. you'll find a bunch of customers using that ISP.

send them all an email very politely saying someone using XYZ ISP has the klez virus and you're sending the email to everyone you know who uses that ISP - make it clear you are not accusing them of spreading a virus, just helping them to check their systems etc. include some basic info about what klez does (spoofing from address) etc and how easy it is to remove it. include link to klez page on symantec site.

most people will be grateful that you've done this and if someone on that list is infected, they'll clean up.

then all you gotta do is apologise to your competitor for accusing him of sending viruses :)
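
The full-header check recommended in the replies above, as an added example that is not part of the original thread: it walks the `Received` lines of a constructed message, trusts only the hops written by the recipient's own servers, and reports which host actually handed the mail over and whether the visible `From` domain matches the envelope sender recorded in `Return-Path`. The sample message, the host names, and the assumption that the recipient's servers all live under `recipient.example` are invented for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: hosts are placeholders, IPs are documentation ranges.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Sat, 8 Mar 2003 03:50:02 +0000
Received: from dialup-17.isp.example ([198.51.100.23])
\tby mx.recipient.example with SMTP; Sat, 8 Mar 2003 03:50:01 +0000
Received: from relay.forged.example ([203.0.113.5])
\tby mail.forged.example with SMTP; Sat, 8 Mar 2003 03:49:00 +0000
From: "PayPal" <info@paypal.com>
Reply-To: info@paypal.com
To: someone@recipient.example
Subject: Please update your records

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_suffix):
    """Find the host that handed the mail to our servers and compare domains."""
    msg = message_from_string(raw)
    handoff = None
    for value in msg.get_all("Received", []):   # newest hop is listed first
        by = re.search(r"\bby\s+(\S+)", value)
        if not by or not by.group(1).rstrip(";").lower().endswith(trusted_suffix):
            break   # written by a server we do not run: sender-controlled, ignore
        frm = re.search(r"\bfrom\s+(\S+)", value)
        ip = IP_RE.search(value)
        handoff = (frm.group(1) if frm else None, ip.group(1) if ip else None)
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {"from_domain": from_dom, "return_path_domain": env_dom,
            "handoff": handoff, "from_matches_envelope": from_dom == env_dom}

if __name__ == "__main__":
    for key, val in analyze(RAW, ".recipient.example").items():
        print(f"{key}: {val}")
```

The IP address in the handoff hop is the one to look up when identifying the sending ISP; anything below that hop was supplied by the sender and proves nothing.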