Email Forgery Question

5 replies [Last post]
Kayin
Offline
SX Retired
Joined: 2008/10/09

Let's say I own the domain: IsCool.org
Let's also say that I have the e-mail address: Kayin@IsCool.org

Lately, Kayin@IsCool.org is getting e-mail FROM Kayin@IsCool.org containing various penis enlargement advertisements.

You see, Kayin already has a decently sized penis (his wife doesn't complain) so he does not need said advertisements. However, other random people might start to assume that Kayin@IsCool.org is selling these magic pills because he tried them and they work.

Needless to say, Kayin doesn't want everybody thinking he has a small penis and would like to prevent other people from sending e-mail using the address: Kayin@IsCool.org.

-------------

To get a little more technical, the e-mail is being sent through a completely different mail server. They're just spoofing the e-mail headers to make it appear as though it's from Kayin@IsCool.org to bypass spam filters.

It seems to be one of the downsides of e-mail. There is no authentication done to ensure that the user claiming Kayin@IsCool.org actually owns that e-mail address, unless one of you knows more than I do (which is entirely possible).

Would anyone here know of a good way to prevent that?

------------

Keeping in traditional SoldierX fashion - there is an annoying little trick you can do using this to anonymously e-mail bomb someone.

Call it the "Reverse Distributed E-mail Bomb"

1. Take the e-mail address of someone you don't like: "Kayin@IsCool.org"
2. Send a shit ton of e-mail with the "From" and "Reply-To" headers set to "Kayin@IsCool.org" to a bunch of e-mail addresses that you know don't exist, such as slskdjfjeijvneu@yahoo.com

The receiving mail servers will all reply to the "From" or "Reply To" address with bounce back messages saying the destination address doesn't exist. Do this 25,000 times and your victim will have an inbox with 25,000 bounce back messages making him an unhappy person.

-K

-K