[Hidden-tech] new spam call technique?

[Town Websites]

Correct, it is easy to forge email.

There are some moderately successful ways to help people and spam filters
detect forged email and verify email that was sent from an authorized
server, in particular SPF and DKIM can help confirm that email originated
from your SMTP server and has your DKIM authorized signature, and are easy
to configure for individuals or small organizations. 
 
Some spoofed email occurs because your personal accounts and computers have
been compromised; this is a particular problem in that you actually send
email to your personal address book, and typically, the emails you send have
links that can replicate the infection, or informs your trusted friends you
have lost your credit card and passport and need you to wire them money.
Other hacks just steal your email lists and continue to email to them from
your email. In both cases, these spoofs are more serious because they target
your personal trust networks, and prevention requires you to be careful what
you click on in received emails and how you browse the web, and what
programs or plugins you install.  As well, you need secure passwords, and
should be careful from where you log in, and should use secured connections
to your mail servers.  This stuff is where you do have responsibility for
protecting your own identity and where the consequences of failing fall most
on your personal trust relationships.

Charlie

-----Original Message-----
From: hidden-discuss-bounces at lists.hidden-tech.net
[mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of Rich Roth
Sent: Thursday, December 11, 2014 10:10 AM
To: shel at principledprofit.com; Dede
Cc: Hidden-Tech Tech
Subject: Re: [Hidden-tech] new spam call technique?




Shel and others,
I need to clarify for all that forging an email address requires
(almost) NO technical skill, unlike faking a caller ID.  Doing that, at a
minimum, requires interfacing with the phone system, although it seems
easier now that VOIP services are more common, at least it is actually
illegal in many cases.

In contrast, forging an email address is so simple, because there is no
verification of the from address in the underlying SMTP (simple mail
transfer protocol) used to send email, and available on any internet
connected system.  Any 'From address' validation you may see is done by the
user program (MUA) that you are running, not the transfer program (MTA).

For those interested, look up RFC 821 (dated Aug 1982) and subsequent IETF
RFC's

On 12/10/2014 10:35 PM, shel at principledprofit.com wrote:
> Yup. Been happening for about eight onths, not very frequently, 
> fortunateoy. And spammers have been forging my name and sometimes one 
> of my e-addresses for years. Very frustating and annoyijng but <i have 
> not found a way to shut them down.
>
>


--
Rich Roth
Webmaster/Steering Committee Member
Hidden-tech http://www.hidden-tech.net
The Talent you need is right here,
Join and share your skills
((Sponsored by Thrives Media))
http://www.thrivesmedia.com
http://www.welovemuseums.com

_______________________________________________
Hidden-discuss mailing list - home page: http://www.hidden-tech.net
Hidden-discuss at lists.hidden-tech.net

You are receiving this because you are on the Hidden-Tech Discussion list.
If you would like to change your list preferences, Go to the Members   
page on the Hidden Tech Web site.
http://www.hidden-tech.net/members