Email Forgery Question
Let's say I own the domain: IsCool.org
Let's also say that I have the e-mail address: [email protected]
Lately, [email protected] is getting e-mail FROM [email protected] containing various penis enlargement advertisements.
You see, Kayin already has a decently sized penis (his wife doesn't complain) so he does not need said advertisements. However, other random people might start to assume that [email protected] is selling these magic pills because he tried them and they work.
Needless to say, Kayin doesn't want everybody thinking he has a small penis and would like to prevent other people from sending e-mail using the address: [email protected].
-------------
To get a little more technical, the e-mail is being sent through a completely different mail server. They're just spoofing the e-mail headers to make it appear as though it's from [email protected] to bypass spam filters.
It seems to be one of the downsides of e-mail. There is no authentication done to ensure that the user claiming [email protected] actually owns that e-mail address, unless one of you knows more than I do (which is entirely possible).
Would anyone here know of a good way to prevent that?
------------
Keeping in traditional SoldierX fashion - there is an annoying little trick you can do using this to anonymously e-mail bomb someone.
Call it the "Reverse Distributed E-mail Bomb"
1. Take the e-mail address of someone you don't like: "[email protected]"
2. Send a shit ton of e-mail with the "From" and "Reply-To" headers set to "[email protected]" to a bunch of e-mail addresses that you know don't exist, such as [email protected]
The receiving mail servers will all reply to the "From" or "Reply To" address with bounce back messages saying the destination address doesn't exist. Do this 25,000 times and your victim will have an inbox with 25,000 bounce back messages making him an unhappy person.
-K