Michael Green's 'How To' Forum
Re: Has your email address ever been hijacked .. ??
Posted By: Bill Hely In Response To: Has your email address ever been hijacked .. ?? (Paul White)
Date: Saturday, 30 October 2004, at 1:41 a.m.
eMail address hijacking is very, very common. The commonest scenario is that a pro spammer sends his junk to addresses on his list, and he ALSO spoofs the "Reply To" address with another address from his list.
Unrecognized "Failure" notices like that reported by Robert are very probably an example of this. But there are many other, and much more sophisticated, techniques in everyday use.
To get anywhere at all with fighting this type of identity theft you have to know quite a few things, like how to view message headers, how to interpret what is in the header, how to tell the spoofed lines from the real ones, how to determine who to send an abuse report to, how to present an abuse report in a format that is of use to the ISP you are reporting to, and so on. There is an automated way to determine who to send an abuse report to, but that alone won't get you anywhere unless you can present the ISP with useful information.
One of the most important entries in a header is the "Received: from" lines, but even they can be, and very often are, spoofed up to a certain point. If you charge in accusing someone identified from a "Received: from" line you may well be abusing some other innocent party.
Handling address hijacking is inextricably tied in with spam handling in general. Nothing causes more public wailing and gnashing of teeth than does the topic of spam, yet it is *unbelievably easy* to manage spam in a manner that requires an investment of no more than a couple of minutes per day. Practically ZERO false positives, and no "white lists" either, Sam - which are a COMPLETE waste of time and effort and highly inaccurate. If you start the "diligent work of making a list of all the people I expect to receive email from", you will have created a job for yourself for life AND you may very well miss a lot of important mail as well.
Websites like DNSSTUFF.COM can be very useful, but if you are looking up the wrong info there is a very good chance that all you will achieve is to make an enemy of another innocent bystander.
To Paul, who asked "What would you do ..." I'd say that you have done the right thing so far. If indeed this was a case of "accidental" identity theft (which I'm struggling with) you did the right thing in making contact in a civil manner. However, that done, if it continues then you have no option but to treat her as an aggressor. Back full circle to Abuse Reports, etc.
In case you missed it folks I wrote a whole big book about these and many other security-related issues that confront people just like you every day. What's your time worth? If I saved you even one hour per month and charged you a one-time fee of $49 for the knowledge, I figure you would have to be at least a Thousand Dollars per annum better off! More likely I'll save you an hour a week - or more.
OK, this is an unashamed PLUG --- but in forums like this I do give specific answers where I can. However I can't condense several long and detailed chapters to a single message. Do yourselves a favor and start taking positive action instead of waiting to be hit with one puzzle or inconvenience after another. If you think I'm blowing hot air and my book does you no good, just get a refund.
But if you read it and act on the recommendations, every question raised in this thread will be answered in full --- along with just about every security/spam/hijacking/etc. query ever raised on this forum.
Best regards,
- Bill Hely
- Author: The Hacker's Nightmare
- http://HackersNightmare.com
How to keep hackers, worms and other 'germs' out of your PC.
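The point above about "Received: from" lines being spoofed "up to a certain point" can be checked mechanically; the following is an added example, not part of the original post. It walks the Received chain from the newest hop down and returns the one IP address recorded by your own mail server, treating everything below that as unverified. The host names, addresses, sample message and the function name `handoff_ip` are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample. The top two Received lines were written by our own
# servers (hypothetical mail-store/mx1.example.net); the bottom one arrived
# with the message, cannot be verified and may be forged.
RAW = """\
Received: from mx1.example.net (mx1.example.net [10.0.0.5])
\tby mail-store.example.net with ESMTP id A1; Sat, 30 Oct 2004 01:02:03 +0000
Received: from friendly-isp.example.org (unknown [203.0.113.77])
\tby mx1.example.net with SMTP id B2; Sat, 30 Oct 2004 01:02:01 +0000
Received: from mail.innocent.example.com (mail.innocent.example.com [198.51.100.9])
\tby friendly-isp.example.org with SMTP id C3; Sat, 30 Oct 2004 01:01:00 +0000
From: someone@innocent.example.com
Reply-To: victim@bystander.example
Subject: constructed sample

body
"""

# from <claimed name> (<anything> [<peer IP>]) ... by <recording host>
HOP = re.compile(r"from\s+(\S+)\s+\([^)]*?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def handoff_ip(raw, our_hosts, our_ips):
    """Return (peer_ip, claimed_name, unverified_hops) for the connection
    into our border server, or None if no trustworthy hop is found."""
    received = message_from_string(raw).get_all("Received") or []
    for i, value in enumerate(received):          # newest hop is first
        m = HOP.search(value)
        if not m or m.group(3).lower() not in our_hosts:
            break                                 # not written by us: stop
        claimed, ip, _ = m.groups()
        if ip in our_ips:
            continue                              # internal relay, keep walking
        # First outside peer seen by our own server: the only address in the
        # header that we recorded ourselves. The name it claimed is unverified.
        return ip, claimed, len(received) - i - 1
    return None

if __name__ == "__main__":
    ours = {"mail-store.example.net", "mx1.example.net"}
    print(handoff_ip(RAW, ours, {"10.0.0.5"}))
```

Here the abuse report would concern 203.0.113.77 only; mail.innocent.example.com appears solely in a line the receiving servers did not write.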
How To Forum is maintained by HowToCorp with WebBBS 5.12.