Its because the "originator" email address is being spoofed.
http://searchsecurity.techtarget.com/de ... l-spoofing
didds
Got a credit card? use our Credit Card & Finance Calculators
Thanks to Rhyd6,eyeball08,Wondergirly,bofh,johnstevens77, for Donating to support the site
Wierd spam
-
- Lemon Half
- Posts: 5300
- Joined: November 4th, 2016, 12:04 pm
- Has thanked: 3294 times
- Been thanked: 1032 times
-
- Lemon Quarter
- Posts: 4487
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 648 times
- Been thanked: 1264 times
Re: Wierd spam
I get the same occasionally with my Hotmail aggregator address, been happening for a few years now, not found a solution. I did look through all the headers trying to find a common routing theme on a few occasions.
I've always presumed that at some point in the past some piece of spam has managed to phone home from the inbox and confirm my address as valid, and then it's ended up on a list of 'own address spoofs'.
I have all active content, graphics et al off now but it wasn't always the case, so it was probably then when the address got compromised. I've had that address since 1998...
I've always presumed that at some point in the past some piece of spam has managed to phone home from the inbox and confirm my address as valid, and then it's ended up on a list of 'own address spoofs'.
I have all active content, graphics et al off now but it wasn't always the case, so it was probably then when the address got compromised. I've had that address since 1998...
-
- Lemon Quarter
- Posts: 3858
- Joined: November 8th, 2016, 7:13 pm
- Has thanked: 9 times
- Been thanked: 609 times
Re: Wierd spam
Spoofing the originator email to hotmail should really be picked up by SPF.
Hotmail does have SPF set up and they should be using it to validate mail
https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage
Hotmail does have SPF set up and they should be using it to validate mail
https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage
-
- Lemon Quarter
- Posts: 4487
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 648 times
- Been thanked: 1264 times
Re: Wierd spam
johnhemming wrote:Spoofing the originator email to hotmail should really be picked up by SPF.
Hotmail does have SPF set up and they should be using it to validate mail
https://mxtoolbox.com/SuperTool.aspx?ac ... n=toolpage
It is, it sends it to the spam folder...
DMARC validation relies on both ends and you get a green bar with a 'trusted sender' header message. My banks and other providers use it ( but not on all send addresses, due to costs probably.)
I've had one piece of spam that spoofed the trusted sender green bar and header as well though, sneaky devils...
-
- Lemon Quarter
- Posts: 3858
- Joined: November 8th, 2016, 7:13 pm
- Has thanked: 9 times
- Been thanked: 609 times
Re: Wierd spam
Infrasonic wrote:due to costs probably.)
It shouldn't really be costs, but more a question of having the greater technical understanding of how to do things particularly at a higher management level.
-
- The full Lemon
- Posts: 10799
- Joined: November 4th, 2016, 8:17 pm
- Has thanked: 1470 times
- Been thanked: 3002 times
Re: Wierd spam
johnhemming wrote:Spoofing the originator email to hotmail should really be picked up by SPF.
Less useful when the originating server is a big provider serving many domains, like gmail. Does hotmail not similarly offer outsourcing for its users' own domains?
Spoofing an originator has always been trivial. Never rely on an originator for anything important unless it's cryptographically signed.
-
- Lemon Quarter
- Posts: 4487
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 648 times
- Been thanked: 1264 times
Re: Wierd spam
johnhemming wrote:Infrasonic wrote:due to costs probably.)
It shouldn't really be costs, but more a question of having the greater technical understanding of how to do things particularly at a higher management level.
The emails come from different servers (I've checked the routing to see) but from the same organisation. So there has been a conscious decision to split the financially/data sensitive stuff to DMARC (probably because of data protection or ISO compliance) and the 'general info' to non DMARC. It's common to all the providers that use DMARC that I correspond with.
Return to “Technology - Computers, TV, Phones etc.”
Who is online
Users browsing this forum: No registered users and 11 guests