Re: [OT] Has my e-mail account been hacked?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
On 14/10/2015 1:09 PM, Stuart Longland wrote:
>> No. My id on this mail server is "zlinuxman". I have no idea
>> who "thecoughingcanary" is. Nor do I understand why the SMTP
>> server would allow "thecoughingcanary" to send out e-mails in my
>> name, unless "thecoughingcanary" is an administrator account.
Yes, that can be a serious problem; any ONE user can compromise others.
> This is making a lot more sense now. So 'wowway.com' is your ISPs
> server, and 'thecoughingcanary' is another customer of theirs.
> Likely a compromised one. Your ISP needs to know about this.
Yep.
> Why did it allow the email to be relayed? Well, the credentials
> were correct, that's all that was needed. (Yes, SMTP is that
> basic.)
Right.
> You'd probably find you can send email from *any* email address
> you choose, provided that the email address domain permits that
> server to send emails from that domain.
>
> (e.g. my domain has SPF records that only permit a small handful
> of servers to send emails with a 'longlandclan.id.au' domain.
> Anyone else will trigger a "soft-failure".)
SPF is only good if the receiving server does proper checks and you
don't have a soft fail in your setup. Too many servers don't seem to
care about SPF failing, which is why back scatter is [or was] a much
greater problem that it should ever have been.
A.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iF4EAREIAAYFAlYdyoQACgkQqBZry7fv4vuA9gD+IvJyS7o4qSNJo/hKW+heUe11
zmxAEtvo5lI9NvR65JMBAJUnLst8W/l+gj0lysa2B7G2oVfcRQzUGvu0b7c+NNyv
=Eshk
-----END PGP SIGNATURE-----
Reply to: