Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Originator <>
- Thread starter ilpadrino
- Start date
When someone sends an email, their computer communicates with your IMC using SMTP. Typically spammers' don't bother using any vlaid address in the "mail from:" command. If they did, they might get reported. SMPT in Exchange only requires a valid "rcpt to:" domain name.
For instance, let's say your domain is company.com and a spammer has one of your users' email addresses: joeblo@company.com. When they hit your IMC via port 25 (SMTP), they use the leave the mail from blank, and the rcpt to: with the username. If the spam just points at a web site or 800 number, why bother to risk getting bounced or complaint emails. In fact, so they don't get black-holed by ORBZ.org, they typically relay off someone's unsecured SMTP server. Here's the test:
Your domain is company.com
Your server is 64.64.64.64
Start up telnet session: Your command prompt will work fine.
C:> telnet
open 64.64.64.64 25 (the 25 is SMTP port)
mail from: leave this blank
rcpt to: joblo@company.com
text
write any message, then hit enter, a period, then enter.
That's it. The user will get the email with the from looking like <>. Exchange's SMTP allows this no matter how much I hate it. Anybody have a good solution?
For instance, let's say your domain is company.com and a spammer has one of your users' email addresses: joeblo@company.com. When they hit your IMC via port 25 (SMTP), they use the leave the mail from blank, and the rcpt to: with the username. If the spam just points at a web site or 800 number, why bother to risk getting bounced or complaint emails. In fact, so they don't get black-holed by ORBZ.org, they typically relay off someone's unsecured SMTP server. Here's the test:
Your domain is company.com
Your server is 64.64.64.64
Start up telnet session: Your command prompt will work fine.
C:> telnet
open 64.64.64.64 25 (the 25 is SMTP port)
mail from: leave this blank
rcpt to: joblo@company.com
text
write any message, then hit enter, a period, then enter.
That's it. The user will get the email with the from looking like <>. Exchange's SMTP allows this no matter how much I hate it. Anybody have a good solution?
- Thread starter
- #3
I tried your test and it did not work with a blank mail from. I get an error 553 malformed address.
I have secured my servers according to the ORBZ.org recommendations. Now our servers are not listed in their database. And when attempting the telnet tests indicated on their site, the exchange servers appear to be closed. But I still have these <> items in my IMC queue. I just delete them.
I have secured my servers according to the ORBZ.org recommendations. Now our servers are not listed in their database. And when attempting the telnet tests indicated on their site, the exchange servers appear to be closed. But I still have these <> items in my IMC queue. I just delete them.
ChrisHirst
IS-IT--Management
You can also get the <> from read receipts etc.
Chris
Chris
- Status
Similar threads
- Locked
- Helpful tip
- Locked
- Question
- Locked
- Question