University of Essex Computing Service

Email forged to suggest it originated at Essex

or

Why am I getting replies to mail I didn't send?

There has recently been a large amount of SPAM with forged headers implying it originated at Essex, although in fact it did not. Such forgery is, unfortunately, trivially easy to do. It may not even be malicious: some recent computer viruses, such as Klez, forge email using addresses taken from the email folders on the infected machine. The body of the message contains the typical content of a SPAM email: at best an advertisement, at worst offensive or pornographic material or a virus-infected attachment.

Often, these messages will be detected by the receiving site's anti-spam software, and a failure (bounce) message returned to the apparent sender. So, if the forged sender happens to be you, you will receive messages referring to email you didn't send. This can be very confusing, but it is unavoidable.

If the message is not detected by the receiving site's software, then when the recipient receives it they quite naturally blame the apparent sender and/or Essex University. In many cases, they complain to the apparent sender. There is very little to be done, other than to assure them that Essex University is not to blame. Indeed, Essex is as much a victim as the receiver of the mail.

If the receiver is able to view the full header set of the message, they can be assured that Essex was not involved by examining the Received: headers. Each mail relay that handles a message adds its own Received: header at the top, so the headers read from the most recent hop at the top down to the first hop at the bottom. Here is a typical example:

   Received: from serlinux14.essex.ac.uk ([155.245.48.16]) by sernt14.essex.ac.uk
	with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id JDDR51Y8; Tue, 23 Apr 2002 05:52:16 +0100
   Received: from sulu.mmm.com ([192.28.4.21])
	by serlinux14.essex.ac.uk with esmtp (Exim 3.22 #1)
	id 16zsHs-0008Mx-00
	for goldilocks@essex.ac.uk; Tue, 23 Apr 2002 05:52:20 +0100
   Received: from magnum.mmm.com (magnum.mmm.com [169.10.11.7])
	by sulu.mmm.com (8.8.7/8.8.7) with ESMTP id XAA07199
	for <goldilocks@essex.ac.uk>; Mon, 22 Apr 2002 23:52:18 -0500 (CDT)
   Date: Mon, 22 Apr 2002 23:53:23 -0500 (CDT)
   Message-Id: <200204230453.XAA20491@magnum.mmm.com>
   From: threebears <threebears@essex.ac.uk>
   To: goldilocks@essex.ac.uk
   Subject: Undeliverable mail--"end of leaf footer"
   MIME-Version: 1.0
   Content-Type: multipart/alternative;
	boundary=NoaHF5BQp46DPQ2
   X-MailScanner: Found to be infected

Note that the apparent sender, as shown by the From: field, is an essex.ac.uk account. But the Message-Id: field, and the earliest (bottom-most) Received: field, both show the message actually originated at magnum.mmm.com.
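The check described above, automated as an added example (this is not code from the Computing Service page): it parses the header block quoted earlier, reports the sender's claimed origin from the bottom-most Received: header and the Message-Id:, and also reports which outside machine handed the message to a relay in our own domain, the one part of the chain our own servers wrote and so the part that can be trusted. The domain name and the sample headers are taken from the page; the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sample input: the Received:, Message-Id: and From: headers of the forged
# message shown above, with continuation lines indented by spaces.
SAMPLE = """\
Received: from serlinux14.essex.ac.uk ([155.245.48.16]) by sernt14.essex.ac.uk
    with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
    id JDDR51Y8; Tue, 23 Apr 2002 05:52:16 +0100
Received: from sulu.mmm.com ([192.28.4.21])
    by serlinux14.essex.ac.uk with esmtp (Exim 3.22 #1)
    id 16zsHs-0008Mx-00
    for goldilocks@essex.ac.uk; Tue, 23 Apr 2002 05:52:20 +0100
Received: from magnum.mmm.com (magnum.mmm.com [169.10.11.7])
    by sulu.mmm.com (8.8.7/8.8.7) with ESMTP id XAA07199
    for <goldilocks@essex.ac.uk>; Mon, 22 Apr 2002 23:52:18 -0500 (CDT)
Message-Id: <200204230453.XAA20491@magnum.mmm.com>
From: threebears <threebears@essex.ac.uk>
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)")  # "from X ... by Y"

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def received_hops(raw):
    """(from_host, by_host) per Received: header, top (most recent) first."""
    values = message_from_string(raw).get_all("Received", [])
    matches = (HOP.search(" ".join(v.split())) for v in values)  # unfold first
    return [(m.group(1), m.group(2)) for m in matches if m]

def analyse(raw, our_domain):
    msg = message_from_string(raw)
    hops = received_hops(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    mid_host = msg.get("Message-Id", "").strip("<> ").rpartition("@")[2].lower()
    claimed_origin = hops[-1][0] if hops else None  # earliest hop: sender's claim
    # The lowest Received: written *by* one of our own relays names the outside
    # machine that really handed the message to us; only that part is ours.
    handed_over_by = None
    for from_host, by_host in hops:
        if in_domain(by_host, our_domain):
            handed_over_by = from_host
    forged = (from_dom == our_domain and handed_over_by is not None
              and not in_domain(handed_over_by, our_domain))
    return {"from_domain": from_dom, "message_id_host": mid_host,
            "claimed_origin": claimed_origin,
            "handed_over_by": handed_over_by, "forged": forged}
```

For the sample above, `analyse(SAMPLE, "essex.ac.uk")` reports a From: domain of essex.ac.uk but a hand-over from sulu.mmm.com and a claimed origin of magnum.mmm.com, so the message is flagged as forged.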
