Sunday, November 4, 2007

Spam? or Not?

-----Original Message-----
From: encarnacionadlsc
Sent: Tuesday, October 23, 2007 2:37am
To: ManTech-07-08-2@yahoogroups.com
Subject: [ManTech-07-08-2] Is this spam or not?

Below is an actual email I received this Monday. The question is, is
it spam or not? It is one of the things we'll discuss next lecture.
Don't forget to post on your blogs from last lecture.

P.S. I suggest you don't reply to the email below.

From: "lehcir_21" <lehcir_21@yahoo.com.ph> Add to Address Book
Add Mobile Alert
To: "testwynnewynne" <testing@ph.mensa.org>
Subject: call center vacancy
Date: Mon, 22 Oct 2007 16:49:49 +0800

Call center operator
JHC Inc is looking for intelligent people for this position ready
for a
career growth and hardworking.
Requirements:
- FULL TIME JOB ONLY
- Computer with broadband Internet access (Ability to be online
frequently ).
- Adult people only! (21 plus).
- Solid communication skills.
- Aggressive and insensitive persuasion skills must be as an
advantage
- Working experience in HR management and Call center area are
greeted
Salary:
$200/week
Annual bonuses
Please direct your resumes to blefeb4128aw@hotmail.com

SPAM! Well, my blog isnt about that email. I wanted to talk about an experience of mine with this spam sh*t. I maintain a website with its own mail server, I was paying for that server to run so i had the right to use it by myself (or at least the one with my name). One time, i just got surprised that all the emails that i would send to people using yahoo mail, would go to their spam folder. I soon found out that my mail server wasnt set to require a valid username & password in order to send an email, meaning anyone who accesses it can send an email with the address of the server on it. So i reported it to yahoo and my hosting and they fixed it right away.

DO NOT TRY THIS AT HOME!

one time, nangtrip lang ako sa isang kaibigan. using php's mail function, you can send an email. and by changing the parameters that you put in that function, the contents of the mail will change, including the "sender". So i used my friends email as the "sender" and sent an email to his email, he thought that i got in his mailbox. I just wanted to point out that an email can be spoofed, even if you know that email, it doesnt necessarily mean that it really came from that person/server.. one thing that you can do is to look at the header and check the first hop, then ex, sender:email@yahoo.com, get the ip address of yahoo.com's mail server and compare it to the address of the computer in the first hop..but of course you dont have to do this everytime..I am not "yahoo.com" but i was able to send an email with "email@yahoo.com" using my server..


No comments: