
What the heck? People in company receiving emails from themselves

Subj : 455
Body : 5556 in my gmail.

I guess whenever there is a 6-6-6, I will get a 566 6667

OMG OMG OMG!! People will die!
 
That is weird. I always send emails like that to myself anyways. ******. I bet that spammer threw off my counting.
 
Originally posted by: Joemonkey
Anyone have any idea what is going on? So far 10 or so people here have received an email with a 3 or 4 digit number in the subject and a 3-5 digit number in the body, and that's it. In looking at the logs it seems there is some sort of directory harvest attack going on, but I'd like to know how the "from" email is getting spoofed.


LOL please tell me you aren't the net admin...
 
Originally posted by: DaiShan
Originally posted by: Joemonkey
Anyone have any idea what is going on? So far 10 or so people here have received an email with a 3 or 4 digit number in the subject and a 3-5 digit number in the body, and that's it. In looking at the logs it seems there is some sort of directory harvest attack going on, but I'd like to know how the "from" email is getting spoofed.


LOL please tell me you aren't the net admin...

I am the network admin, why do you ask? Are you trying to be condescending? Man why can't more people be like spidey...

Anyway, I am well aware the from email CAN be spoofed quite easily, I just didn't know if there was a way to tell HOW, like a signature in the header of whether it was some VBS script or something someone had just set up. If I was the ONLY person getting these emails, I would be worried. Also, someone stated above they have a footer that is added to all emails sent out by their mail server (I assume) and these emails had this footer attached as well which is odd.

My email logs show that these emails are being sent to thousands of email addresses at our domain, most of which do not exist. This is why I suggested the directory harvest attack. Also, since there is no attachment, it doesn't make sense it is currently a virus being sent out. Unfortunately, management will not allow me to simply let all emails sent to an unknown address die, they want NDRs sent out in case a client mistyped an email address. It now seems someone has at least a few known good email addresses from our domain.
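Added example, not part of the thread: one way to pick a directory harvest out of recipient logs like the ones described above, and to list which valid addresses each harvesting source reached. The log format, the thresholds and all addresses are constructed assumptions, not any particular mail server's output.

```python
import re
from collections import defaultdict

# Assumed (constructed) log format: "<time> client=<ip> rcpt=<addr> result=<delivered|unknown>"
LINE = re.compile(
    r"client=(?P<ip>\S+) rcpt=(?P<rcpt>\S+) result=(?P<result>delivered|unknown)"
)

def harvest_suspects(log_lines, min_unknown=5, min_ratio=0.8):
    """Return {client_ip: [valid addresses it reached]} for likely harvesters.

    A source is flagged when it tried at least min_unknown distinct
    nonexistent recipients and those make up at least min_ratio of all
    distinct recipients it tried. Both thresholds are assumptions to tune.
    """
    unknown, valid = defaultdict(set), defaultdict(set)
    for line in log_lines:
        m = LINE.search(line)
        if not m:
            continue  # not a recipient line
        bucket = unknown if m["result"] == "unknown" else valid
        bucket[m["ip"]].add(m["rcpt"].lower())
    suspects = {}
    for ip, misses in unknown.items():
        total = len(misses) + len(valid[ip])
        if len(misses) >= min_unknown and len(misses) / total >= min_ratio:
            # These are the "known good" addresses this source has confirmed.
            suspects[ip] = sorted(valid[ip])
    return suspects

def sample_log():
    """Constructed log: one source guessing names, one client with a typo."""
    guesses = ["aaron", "abby", "adam", "al", "alan", "alex", "amy", "andy"]
    lines = [
        f"10:00:{i:02d} client=203.0.113.7 rcpt={name}@example.com result=unknown"
        for i, name in enumerate(guesses)
    ]
    lines.append("10:00:09 client=203.0.113.7 rcpt=joe@example.com result=delivered")
    lines.append("10:05:00 client=198.51.100.20 rcpt=joe@example.com result=delivered")
    lines.append("10:05:30 client=198.51.100.20 rcpt=jo@example.com result=unknown")
    return lines

if __name__ == "__main__":
    print(harvest_suspects(sample_log()))
```

The single mistyped address from the second source stays below the threshold, so an ordinary client typo is not flagged.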
 
Originally posted by: DaiShan
Originally posted by: Joemonkey
Anyone have any idea what is going on? So far 10 or so people here have received an email with a 3 or 4 digit number in the subject and a 3-5 digit number in the body, and that's it. In looking at the logs it seems there is some sort of directory harvest attack going on, but I'd like to know how the "from" email is getting spoofed.


LOL please tell me you aren't the net admin...


That comment makes no freaking sense. So DaiShan, let's say YOU were the Admin, exactly how would you use your crystal ball to stop such emails? Especially since several of the people posting here are fairly well respected Network Engineers, Admins etc... Please, tell us all.
 
Originally posted by: her209
On our mail filter server, I block all emails that say they are from my domain.
Hahaha, does that screw with the noobs sending internal mail to @yourdomain.com?
 
Originally posted by: Phoenix86
Originally posted by: her209
On our mail filter server, I block all emails that say they are from my domain.
Hahaha, does that screw with the noobs sending internal mail to @yourdomain.com?

not to mention any applications that notify the Admin via email if XYZ doesn't run or there was an error on ABC etc etc.
 
Originally posted by: Homerboy
Originally posted by: Phoenix86
Originally posted by: her209
On our mail filter server, I block all emails that say they are from my domain.
Hahaha, does that screw with the noobs sending internal mail to @yourdomain.com?

not to mention any applications that notify the Admin via email if XYZ doesn't run or there was an error on ABC etc etc.

If you have the resources to run multiple email servers it is trivially easy to do what her209 has suggested. It's also a good idea. It won't stop a current employee from forging an email from the CEO but it will stop former employees and useless spam like this. Internal email goes to one server which allows incoming email at @yourdomain.com. Internet email goes to another that doesn't.
 
This happened twice to me in one day. The first time, my computer wasn't even on at home. And even if my computer was on, there is no way I could send it to myself using my University Email address unless I used the webmail.

Oh well. I looked at the headers, but I couldn't make anything out of them. All of our mail gets filtered by Postini.
 
Originally posted by: LOFBenson
Originally posted by: Homerboy
Originally posted by: Phoenix86
Originally posted by: her209
On our mail filter server, I block all emails that say they are from my domain.
Hahaha, does that screw with the noobs sending internal mail to @yourdomain.com?

not to mention any applications that notify the Admin via email if XYZ doesn't run or there was an error on ABC etc etc.

If you have the resources to run multiple email servers it is trivially easy to do what her209 has suggested. It's also a good idea. It won't stop a current employee from forging an email from the CEO but it will stop former employees and useless spam like this. Internal email goes to one server which allows incoming email at @yourdomain.com. Internet email goes to another that doesn't.


This is exactly how we run ours here. Inbound internet mail hits a relay server first which checks for spam, viruses and other unwanted crap before it's forwarded to the mail servers. Our domain is blocked inbound from this server because internal mail will never touch it.

Edit. Our spam filtering software is picking off these messages though, so my users aren't even seeing them.
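Added example, not part of the thread: the split-server rule described in the posts above, written as the check an internet-facing relay would apply. It assumes internal mail and application notifications are submitted to a separate internal server, so nothing legitimate from the local domain ever reaches this relay; `example.com`, the function names and the sample message are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "example.com"  # assumption: stands in for @yourdomain.com

# Constructed sample: the From: header claims the recipient's own address.
# The SMTP envelope sender is passed separately and may differ from it.
SPOOFED = (
    "From: joe@example.com\n"
    "To: joe@example.com\n"
    "Subject: 455\n"
    "\n"
    "5556\n"
)

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edge_verdict(envelope_from, raw_message, local_domain=LOCAL_DOMAIN):
    """Decide what the internet-facing relay does with one inbound message.

    Both the envelope sender (MAIL FROM) and the From: header are checked,
    because a forger can set them independently and users only see the header.
    """
    msg = message_from_string(raw_message)
    claimed = {
        "envelope": domain_of(envelope_from),
        "header": domain_of(msg.get("From", "")),
    }
    forged = [where for where, dom in claimed.items() if dom == local_domain]
    if forged:
        return "reject", "local domain claimed in " + " and ".join(forged)
    return "accept", "sender is external"

if __name__ == "__main__":
    print(edge_verdict("x9@mailer.invalid", SPOOFED))
```

A bounce with the null envelope sender `<>` and an outside From: address is still accepted, so NDRs from other organisations keep arriving.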
 
Originally posted by: RedCOMET
This happened twice to me in one day. The first time, my computer wasn't even on at home. And even if my computer was on, there is no way I could send it to myself using my University Email address unless I used the webmail.

Oh well. I looked at the headers, but I couldn't make anything out of them. All of our mail gets filtered by Postini.

Your PC is not infected. Someone's machine, who has your name in their addy list, is infected. Their machine is sending you infected mail with a spoofed from field that shows your name. They spoof the from field to prevent blocking. Additionally they will spoof <someimportantname>@yourdomain.com, like administrator@yourdomain.com or similar.

Again, this is not new; maybe a year or more old? I'm actually shocked you folks haven't seen this sooner. 🙂
 
Originally posted by: Homerboy
Originally posted by: DaiShan
Originally posted by: Joemonkey
Anyone have any idea what is going on? So far 10 or so people here have received an email with a 3 or 4 digit number in the subject and a 3-5 digit number in the body, and that's it. In looking at the logs it seems there is some sort of directory harvest attack going on, but I'd like to know how the "from" email is getting spoofed.


LOL please tell me you aren't the net admin...


That comment makes no freaking sense. So DaiShan, let's say YOU were the Admin, exactly how would you use your crystal ball to stop such emails? Especially since several of the people posting here are fairly well respected Network Engineers, Admins etc... Please, tell us all.


I AM a Sys admin, and I DO receive these emails, but I fail to understand why you guys are flipping your lids over a widely known and long standing problem with the protocol. This is not new, this is not some crazy vulnerability. Just tell your users to ignore the messages, or use your spam rules to help block them. I really can't believe this thread has gone on for so long. Especially since I already answered this question in the Networking forum yesterday...
 
It's the amount of time you have to live in minutes. Or it's aliens syncing their clocks using our internets! I can never remember which one this means.
 
Originally posted by: DaiShan
Originally posted by: Homerboy
Originally posted by: DaiShan
Originally posted by: Joemonkey
Anyone have any idea what is going on? So far 10 or so people here have received an email with a 3 or 4 digit number in the subject and a 3-5 digit number in the body, and that's it. In looking at the logs it seems there is some sort of directory harvest attack going on, but I'd like to know how the "from" email is getting spoofed.


LOL please tell me you aren't the net admin...


That comment makes no freaking sense. So DaiShan, let's say YOU were the Admin, exactly how would you use your crystal ball to stop such emails? Especially since several of the people posting here are fairly well respected Network Engineers, Admins etc... Please, tell us all.


I AM a Sys admin, and I DO receive these emails, but I fail to understand why you guys are flipping your lids over a widely known and long standing problem with the protocol. This is not new, this is not some crazy vulnerability. Just tell your users to ignore the messages, or use your spam rules to help block them. I really can't believe this thread has gone on for so long. Especially since I already answered this question in the Networking forum yesterday...

Would you care to post your answer in THIS thread and in English please. That would probably terminate this thread...:roll:
 
Originally posted by: Number1
Originally posted by: DaiShan
Originally posted by: Homerboy
Originally posted by: DaiShan
Originally posted by: Joemonkey
Anyone have any idea what is going on? So far 10 or so people here have received an email with a 3 or 4 digit number in the subject and a 3-5 digit number in the body, and that's it. In looking at the logs it seems there is some sort of directory harvest attack going on, but I'd like to know how the "from" email is getting spoofed.


LOL please tell me you aren't the net admin...


That comment makes no freaking sense. So DaiShan, let's say YOU were the Admin, exactly how would you use your crystal ball to stop such emails? Especially since several of the people posting here are fairly well respected Network Engineers, Admins etc... Please, tell us all.


I AM a Sys admin, and I DO receive these emails, but I fail to understand why you guys are flipping your lids over a widely known and long standing problem with the protocol. This is not new, this is not some crazy vulnerability. Just tell your users to ignore the messages, or use your spam rules to help block them. I really can't believe this thread has gone on for so long. Especially since I already answered this question in the Networking forum yesterday...

Would you care to post your answer in THIS thread and in English please. That would probably terminate this thread...:roll:

Umm, have you bothered reading this thread at all? SMTP is an insecure protocol, you can forge the from field with ease, that is what is happening here. I can't give you specific steps for spam rules because I don't know which service your organization uses to block spam. Additionally, this thread is in the wrong forum, and I'm going out of my way to REPOST information that is readily available because you are too lazy to click on the Networking link. Finally, technical implementations will never keep up with org policy. If you don't want (or don't know how) to update your spam filters, then just TELL the people in your organization to delete the message. I certainly hope that was clear enough for you.
 
Originally posted by: DaiShan
Originally posted by: Number1
Originally posted by: DaiShan
Originally posted by: Homerboy
Originally posted by: DaiShan
Originally posted by: Joemonkey
Anyone have any idea what is going on? So far 10 or so people here have received an email with a 3 or 4 digit number in the subject and a 3-5 digit number in the body, and that's it. In looking at the logs it seems there is some sort of directory harvest attack going on, but I'd like to know how the "from" email is getting spoofed.


LOL please tell me you aren't the net admin...


That comment makes no freaking sense. So DaiShan, let's say YOU were the Admin, exactly how would you use your crystal ball to stop such emails? Especially since several of the people posting here are fairly well respected Network Engineers, Admins etc... Please, tell us all.


I AM a Sys admin, and I DO receive these emails, but I fail to understand why you guys are flipping your lids over a widely known and long standing problem with the protocol. This is not new, this is not some crazy vulnerability. Just tell your users to ignore the messages, or use your spam rules to help block them. I really can't believe this thread has gone on for so long. Especially since I already answered this question in the Networking forum yesterday...

Would you care to post your answer in THIS thread and in English please. That would probably terminate this thread...:roll:

Umm, have you bothered reading this thread at all? SMTP is an insecure protocol, you can forge the from field with ease, that is what is happening here. I can't give you specific steps for spam rules because I don't know which service your organization uses to block spam. Additionally, this thread is in the wrong forum, and I'm going out of my way to REPOST information that is readily available because you are too lazy to click on the Networking link. Finally, technical implementations will never keep up with org policy. If you don't want (or don't know how) to update your spam filters, then just TELL the people in your organization to delete the message. I certainly hope that was clear enough for you.

Thank you your highness. I feel so inferior. LOL
Have a good day.
 
I looked for an existing thread, the one in networking doesn't exactly spell out what is going on in the title, especially since Comcast has been so flaky lately anyway.

Since I could not find anything via searching Google (especially since I'm really not sure how to pose the question) I thought I would start a thread in ATOT, since email really isn't a "networking" issue, and it would give me a good idea of how many people this is happening to due to the traffic generated here.

I stated in the OP that I would like to know HOW the from address is getting spoofed, and by that I meant in this specific instance of the numbers in subject/body. Maybe I should have mentioned something specific about the headers, or any other clues to look for. As a network admin I see spoofed "from" addresses all the time, I wasn't saying "OMG people can spoof your from address in an email? brand new news to me! 😕" and that seemed to be the question you were answering.

originally posted by: spidey07
anybody know the name of the worm?

was the best answer until

originally posted by: spidey07
I'd still guess worm or possibly spammer fishing for e-mail addresses.

came along, which I had hinted at in my OP concerning a directory harvest attack

no need to get all bent out of shape 😀
 
Originally posted by: DaiShan
Especially since I already answered this question in the Networking forum yesterday...

Oh, man why did it take so long...

WRONG FORUM

/Nik

😉

Joemonkey, it's not a specific virus. Well I'm sure the current outbreak is, but it's better to call it an exploit that many different viruses use.
 