Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  
my profile | my password | search | faq & rules | forum home
  next oldest topic   next newest topic
» Film-Tech Forum ARCHIVE   » Community   » Film-Yak   » Spoofing Email Addresses

   
Author Topic: Spoofing Email Addresses
Ian Price
Phenomenal Film Handler

Posts: 1714
From: Denver, CO
Registered: Jun 99


 - posted 08-14-2004 08:08 PM      Profile for Ian Price   Email Ian Price   Send New Private Message       Edit/Delete Post 
My Spam has increased again and I have noticed a pattern of spoofed email addresses.

We have received Spam from support@rialto... and we have received emails returned from “user unknown” that originated from some rialto... address. I also received a Spam with a virus from landmarktheatres.com so they are being spoofed as well. I am on their mailing list so that's how it came to me.

I am about to change our public email address again to cut down on the Spam. What I want to know is how do you prevent people from harvesting your domain name and spoofing your email address?

I am going to change a few things about our list serve email letter. Then I am going to not publish our new email address on our website. I will use a click hear link instead. What other techniques do you use to keep people from spoofing your email address?

 |  IP: Logged

Joe Redifer
You need a beating today

Posts: 12859
From: Denver, Colorado
Registered: May 99


 - posted 08-14-2004 08:21 PM      Profile for Joe Redifer   Author's Homepage   Email Joe Redifer   Send New Private Message       Edit/Delete Post 
Spoofing e-mail addreses is very easy to do, unfortunately. In fact I recently got a lovely e-mail from ann@film-tech.com:
quote:
Hello JoeRedifer,

 -
Ready to accept a new friend? :-)

For more information see the attached file.

Cheers, Ann

Of course, the attached file is an EXE. I tried to click on it but nothing happened. Damn Macs. Anyway it is nice of Brad to be signing up all of these females with legit Film-Tech addresses! [Roll Eyes]

 |  IP: Logged

Daryl C. W. O'Shea
Film God

Posts: 3977
From: Midland Ontario Canada (where Panavision & IMAX lenses come from)
Registered: Jun 2002


 - posted 08-14-2004 08:23 PM      Profile for Daryl C. W. O'Shea   Author's Homepage   Email Daryl C. W. O'Shea   Send New Private Message       Edit/Delete Post 
The emails with the forged support@ address probably aren't spam, but virii. Not that it makes it any better. The @landmark... one could be actually from an infected Landmark computer too, not that that really matters either.

Anyway, publishing SPF records for your domain may slowdown, and hopefully eventually stop, emails with a forged address from your domain name.

Using HTML encoding for posting any addresses on your webpages will help since there are very few, if any, email harvesters that parse encoded addresses (that I know of). Using javascript to generate the address will defeat harvesters further into the future due to the processing power required on their part. Of course this means that your visitors have to have javascript enabled to view your address.

Using the contact form with a PROPERLY CONFIGURED copy of formmail.pl will be most effective, in harvesting terms, since your address never gets posted on your site. Actually depending on how it is setup your address might actually be in the page's HTML code... which won't be as effective.

Running SpamAssassin 2.64 or 3.0.0pre4, and using Razor2, DCC, and various (numerous) DNSRBLs, including SURBL, will eliminate nearly all of your spam.

Running a server side antivirus solution will eliminate virtually all of your virii problems provided your definitions are kept up to date.

Depending on what package you have with Verio, or what options are available, you may or may not be able to do any of the server side filtering. Their site isn't too clear on whether or not spam filtering is part of the basic package. It's listed, but it doesn't have an arrow like all of the other features.

 |  IP: Logged

David Buckley
Jedi Master Film Handler

Posts: 525
From: Oxford, N. Canterbury, New Zealand
Registered: Aug 2004


 - posted 08-15-2004 04:12 AM      Profile for David Buckley   Author's Homepage   Email David Buckley   Send New Private Message       Edit/Delete Post 
quote: Ian Price
not publish our new email address on our website. I will use a click hear link instead
If you mean a href="mailto:xxx@yyy.zzz" link, then that is a waste of space, in spam prevention terms. Its just as easily parsed as the page text.

FormMail has been mentioned, make sure you get the version from the London PerlMongers, and configure the address it sends to in the perl script, and dont have the address in a hidden field on the webpage. The original Matts Script Archive version has some security problems, and is no longer maintained.

I've had a collection of email addresses, most of which continue to be valid, from 1992. All are scattered all over the internet, and all receive considerable volumes of spam. The two first-line defences that keep my spam volume manageable are:

a) The use of the spamhaus sbl-xbl blacklist

b) the use of "honeypot" addresses. These are addresses that the spam world thinks are valid, but aren't, and anything addressed to a honeypot address get the source IP and email address automatically added to the blacklists.

This process discards many hundreds (and sometimes thousands) of messages per day.

A keyword filter throws away a 200-500 more messages a day.

All this processing is done by an SMTP proxy, mailstripper.

After that, the messages go through SpamCatcher, a fairly typical anti-spam tool. Heres a typical days report:

Range Messages
0 0
1-39 17
40-76 38
77-84 23
85-90 8
91-99 202
100 0
-----------------
288 messages rated

Messages with scores of 85 and above are automatically placed into a spam folder I clear out once in a while. The rest I see, and most are not valid emails.

I hate spam, it wastes so much of my life.

One final tip - dont put any auto-bouncers on, as that doesnt help matters, and may get you blacklisted by SpamCop advocates who see these virus bounce messages as spam...

 |  IP: Logged

Ethan Harper
E-dawggg!!!

Posts: 325
From: Plano, TX, USA
Registered: May 2000


 - posted 08-15-2004 04:29 AM      Profile for Ethan Harper   Email Ethan Harper   Send New Private Message       Edit/Delete Post 
I want a Film-Tech e-mail adress. Can I be Phiggidy-E@film-tech.com?

 |  IP: Logged

Matthew Peters
Expert Film Handler

Posts: 179
From: Glen Waverley, Melbourne, Australia
Registered: Nov 2002


 - posted 08-15-2004 10:00 AM      Profile for Matthew Peters   Email Matthew Peters   Send New Private Message       Edit/Delete Post 
I occasionally handle the email accounts for the cinema I work for, there are heaps of spoofed emails that look like they originate from us. I have found that encrypting the email addresses has significantly reduced those webots from picking up the email address.

Eg

<input type=hidden name="recipient" value="matthew.peters@optusnet.com.au">

EDIT: I have no idea how to make it look like the source code
& # 1 0 9 ; a & # 1 1 6 ; & # 0 1 1 6 ; & # 0 1 0 4 ; & # 1 0 1 ; & # 1 1 9 ; & # 4 6 ; & # 0 1 1 2 ; & # 1 0 1 ; & # 1 1 6 ; & # 0 1 0 1 ; & # 1 1 4 ; & # 1 1 5 ; & # 6 4 ; & # 1 1 1 ; & # 0 1 1 2 ; & # 0 1 1 6 ; & # 0 1 1 7 ; & # 0 1 1 5 ; & # 0 1 1 0 ; & # 1 0 1 ; & # 1 1 6 ; & # 0 4 6 ; & # 0 9 9 ; & # 0 1 1 1 ; & # 0 1 0 9 ; & # 4 6 ; & # 9 7 ; & # 0 1 1 7 ;

 |  IP: Logged



All times are Central (GMT -6:00)  
   Close Topic    Move Topic    Delete Topic    next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:



Powered by Infopop Corporation
UBB.classicTM 6.3.1.2

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.

© 1999-2020 Film-Tech Cinema Systems, LLC. All rights reserved.