hide real e-mail address

[t-4-2]

Not sure where to post this question.
WLM 14v.
My alumni group website received an anonymous letter with invalid (fake )
address.
This alumni group site is Membership Only. Members must provide valid e-mail
addresses and nobody is to send messages to the group without membership and
valid acknowledged address.
So, my question is, how did this happen ? How did the message get through,
and how did the sender use faked address and still be able to send the
message out ? We want to stop this. Please advise. Thank you.
P.S. The anonymous message is NOT malicious. It contains concern of group's
policy and requests changes. It is obviously sent by a current member. But
still ........ did we get hacked ?
t-4-2

 

[Sam Hobbs]

I don't understand. If it was sent by a current member then what is the
problem?

Perhaps you did answer that question already, but if you could clarify that,
then it might help to have that clarified.

 

[t-4-2]

We assume the letter was sent by a current member, because the content of
the message is not malicious. It is the manner the letter was sent in
question.
1. No name
2. Fake address
That comes back to my original question : How did the letter got sent AND
arrived to our group site. We do not want this to happen again. I had
experimented sending a message to the group via invalid address. Did not get
sent.
t-4-2

 

[Malke]

We assume the letter was sent by a current member, because the content of
the message is not malicious. It is the manner the letter was sent in
question.
1. No name
2. Fake address
That comes back to my original question : How did the letter got sent AND
arrived to our group site. We do not want this to happen again. I had
experimented sending a message to the group via invalid address. Did not
get sent.

Probably one of your members has an infected computer. It is common for
certain malware to send emails to all the email addresses in the infected
computer's addressbook. It is also common to have spoofed or fake return
addresses in these cases.

There's nothing you can do about it so move on.

Malke

 

[RalfG]

Indeed. Even without being infected I some time ago started receiving spam
emails on a particular server that have my own email address from that mail
server being spoofed as the sender address. Tough or impossible to filter.
That address happens to be the only email address I use for public purposes
and consequently 99.95% of the emails I get on that server are spam,
phishing attempts or other malware infected crap. Even after emails are
filtered on the mail server.

OP can try looking at the Properties of the emails in question ->Details->
Message Source, and see if the email routing information matches up with
that of any of the current members. It's tedious to compare this against all
the current members but it might be a way to find whose computer is
infected, if any. Could also point to the group server itself having a leak
if the email source is outside the circle of group members. The same email
might be spammed to multiple groups in that case.

 

[peter]

Malke
somehow I don't think this is an infection...the sender asked/was concerned
about specific
things related to the club
"It contains concern of group's policy and requests changes. "
???????

peter

 

[t-4-2]

Someone actually read my original post !
t-4-2

Malke
somehow I don't think this is an infection...the sender asked/was
concerned about specific
things related to the club
"It contains concern of group's policy and requests changes. "
???????

peter

--
If you find a posting or message from me offensive,inappropriate
or disruptive,please ignore it.
If you dont know how to ignore a posting complain
to me and I will be only too happy to demonstrate

 

[FromTheRafters]

Not sure where to post this question.
WLM 14v.
My alumni group website received an anonymous letter with invalid (fake )
address.
This alumni group site is Membership Only. Members must provide valid
e-mail addresses and nobody is to send messages to the group without
membership and valid acknowledged address.
So, my question is, how did this happen ? How did the message get through,
and how did the sender use faked address and still be able to send the
message out ? We want to stop this. Please advise. Thank you.
P.S. The anonymous message is NOT malicious. It contains concern of
group's policy and requests changes. It is obviously sent by a current
member. But still ........ did we get hacked ?
t-4-2

It seems to me that the software at the website that is supposed
to filter out e-mail that doesn't comply with having acknowledged
addresses is broken - or that the perpetrator has access to the
acknowledged and accepted e-mail to edit it with a fake address
after it has arrived.

Who has the keys to the kingdom?

 

[t-4-2]

The " keeper " is a classmate with her husband as technical support. None of
them could it figure out.
t-4-2

 

[FromTheRafters]

Check into what vulnerabilities are reported for the software running
on the website. Sometimes an attacker can write script into a webform
and the software interprets it - or script can be bounced off a client.

 

[Malke]

Malke
somehow I don't think this is an infection...the sender asked/was
concerned about specific
things related to the club
"It contains concern of group's policy and requests changes. "

If there is an infection, it is not on the OP's machine and probably not on
the mail server. If the body of the email wasn't one that had already been
received (not unusual for the text to have been copied by the malware from
an email sent on the possibly infected machine), then perhaps one of the
members is playing silly games.

Basically, there is no way to really know what is going on without being
hands-on. Despite this having been posted in a Vista security newsgroup, we
don't even know what OS the mailing list "server" is running or what
mailing list software is being used. For all we know the mailing list
"server" could be running Windows ME with some old mailing list software.

The OP is not technically inclined nor apparently is the person who is
taking care of the mailing list. If the members of the OP's list are really
concerned they should get a competent local tech who understands about mail
servers and malware to take a look.

Malke

 

[t-4-2]

Quote "..... then perhaps one of the members is playing silly games.'

Yes, we, the " keeper " of the group site and I ,concluded that. The
question remains ......How.
That's what we want to know.
t-4-2

 

[Paul Adare]

Quote "..... then perhaps one of the members is playing silly games.'

Yes, we, the " keeper " of the group site and I ,concluded that. The
question remains ......How.
That's what we want to know.

No one in this thread has a clue as to what "site" you're talking about. If
you're depending on features of that "site" to provide security, no one is
going to be able to answer your question unless they know something about
the site in question.

 

[Malke]

Quote "..... then perhaps one of the members is playing silly games.'

Yes, we, the " keeper " of the group site and I ,concluded that. The
question remains ......How.
That's what we want to know.

Then get a professional in to look at the mail server as I already
suggested. No one here can answer your question since none of us can
examine the machine.

Malke

 

[Sam Hobbs]

You can post a question in an email newsgroup; a group familiar with the
email software you are using.

 

[FromTheRafters]

You do know it's very easy to spoof email addresses?

That's not the point.

I can easily send
an email to the police saying im a terrorist but with your
email ?

That's not the point either.

If you have software that is supposed to be able to
determine that an e-mail address is *real* and block all
others, and e-mail with *fake* addresses still get through
(or otherwise appear where they should have been prohibited
from appearing), then something is broken. Either the
filtering software is broken or the destination (where the
e-mail appears) is accessible for editing by unauthorized
persons.

 

[Sam Hobbs]

That's not the point.


That's not the point either.

If you have software that is supposed to be able to determine that an
e-mail address is *real* and block all others, and e-mail with *fake*
addresses still get through (or otherwise appear where they should have
been prohibited from appearing), then something is broken. Either the
filtering software is broken or the destination (where the e-mail appears)
is accessible for editing by unauthorized persons.

If it is that easy to separate the good from the bad, then why is is so
difficult to separate the desired messages from the spam?

 

[FromTheRafters]

If it is that easy to separate the good from the bad, then
why is is so difficult to separate the desired messages
from the spam?

Spam often uses *real* e-mail addresses - not the *correct*
ones, but real nonetheless.

 

[Charlie Tame]

The " keeper " is a classmate with her husband as technical support.
None of them could it figure out.
t-4-2

Most mail clients allow a person to use a "Reply to" address. Most of
them use this if you supply it, if you do not then they use the "Real"
email address you used to set up the account. For example I could have
(e-mail address removed) for one account and (e-mail address removed) for another but in
the first I use (e-mail address removed) as the "Reply to" address thus no
matter which I am using to "Send" with, the replies when people click on
"Reply" will come to the same address, (e-mail address removed).

(Both of those are "Fake" by the way because posting an email address in
a newsgroup like this will get you 1000 spam emails a day

So it is perfectly possible that the person has a fake address for good
reason and accidentally posted to the group using it, the address your
server saw may have been his / her real one, although you would normally
"See" the fake reply to address listed in the post.

But, you also asked how he / she was able to send the post. Well, his /
her sending server probably doesn't care, in fact it's your receiving
server that has to care, and generally there would be a list of
acceptable senders usually called a "White List". Even if there IS a
white list it can still fall victim to "Fake" addressing, but that's not
something you can ever totally prevent.

I think you may be worrying about something that is not terribly
important, especially as the post was not malicious.

 

[Charlie Tame]

Most mail clients allow a person to use a "Reply to" address. Most of
them use this if you supply it, if you do not then they use the "Real"
email address you used to set up the account. For example I could have
(e-mail address removed) for one account and (e-mail address removed) for another but in
the first I use (e-mail address removed) as the "Reply to" address thus no
matter which I am using to "Send" with, the replies when people click on
"Reply" will come to the same address, (e-mail address removed).

(Both of those are "Fake" by the way because posting an email address in
a newsgroup like this will get you 1000 spam emails a day

So it is perfectly possible that the person has a fake address for good
reason and accidentally posted to the group using it, the address your
server saw may have been his / her real one, although you would normally
"See" the fake reply to address listed in the post.

But, you also asked how he / she was able to send the post. Well, his /
her sending server probably doesn't care, in fact it's your receiving
server that has to care, and generally there would be a list of
acceptable senders usually called a "White List". Even if there IS a
white list it can still fall victim to "Fake" addressing, but that's not
something you can ever totally prevent.

I think you may be worrying about something that is not terribly
important, especially as the post was not malicious.