Listowners-L Archives

Archiver > Listowners > 2005-12 > 1134063195


From: Darrell Martin <>
Subject: Re: [LO] Weird Email
Date: Thu, 8 Dec 2005 11:33:15 -0600 (GMT-06:00)


** My Web e-mail client sets "Reply To" against my will, sorry. Please direct all replies only to the list. **

Hi, Dave:

One thing an admin must always keep in mind is that there are (still) many kinds of malicious software out there, sending e-mail messages that **LIE ABOUT WHO SENT THEM**. Many of those find real addresses to use so their intended victims will be more likely to (a) view them, and; (b) do what they say. Creative variations spring up seemingly daily.

So, for example, a filthy obnoxious low-life in Slobbovia creates a program that infects the computer used by John Smith, who also lives in Slobbovia. The address (which belongs to this same John Smith) is subscribed to the RootsWeb mailing list SMITH-SLOBBOVIA-L. In a variety of places on John's computer, the virus can find the addresses "" and "".

OK, so now the virus does its dirty deed. It generates an infected (or SPAM) message. In this particular case, let's say it just makes up target addresses, e.g. . Since the aforementioned filthy obnoxious low-life wants Fred Jones, if he turns out to exist, to actually *open* the message, it needs to claim to be coming from a "real" address. So it randomly grabs "" off the infected computer, puts it in the headers as the "From" address, and sends it.

But if there is no "", or if there is and he has challenge-response anti-SPAM, or his mailbox is full, etc. etc. then the ISP for "jones.org.slob" is going to bounce the message. To whom? To what it **THINKS** is the sending address.

Result? The admin for "SMITH-SLOBBOVIA" gets a bounce from the address "" which is not subscribed; the admin may even know that it *never has been* subscribed. None of this even happens on the same continent as RootsWeb, but it doesn't matter. You can get irritated (I do, sometimes); you can complain to the dog (but the dog can't do anything but sympathize); and if you live in the USA you can write a letter to your Congressman (who will be delighted you agree with his stand against tattooing barcoded Social Security numbers on citizens' foreheads). Going to the dog for sympathy is the only approach with any chance of helping. There is not a thing in the world that you, or RootsWeb, can do about it but delete the bounce and forget it.

Darrell

-----Original Message-----
From: DB <>
Sent: Dec 8, 2005 8:34 AM

Joan,

Like Tom, I have gotten a few bounces recently and the email address
that the list was trying to contact was not from a subscribed member.
How can the list try to mail people who are not even subscribed?

The differences in my case were:

- The bounces were a couple of weeks apart.
- The header indicated no such email address existed.

Dave





Darrell A. Martin
a native Vermonter in exile in Illinois



This thread: