(keitai-l) Re: Spam From Docomo Users?

From: Curt Sampson <cjs_at_cynic.net>
Date: 07/11/03
Message-ID: <Pine.NEB.4.51.0307111308350.475@angelic-vtfw.cvpn.cynic.net>
On Thu, 10 Jul 2003, Juergen Specht wrote:

> > I have set up my i-mode mail to only accept mail from a white list (via
> > DoCoMo's mail options). After doing so I was bemused to still receive
> > spam from my own i-mode address which is in the white list so clearly
> > spammers are faking DoCoMo sender headers.

Well, there's not much to "faking" them. Just set your envelope sender
and the From: line to whatever you want in your mail client and you're set.

And this isn't surprising; spammers have been using the recipient's
e-mail address as the alleged sender for a long time. It often gets past
people's filters. :-)

But it certainly wouldn't be too unreasonable for Docomo simply not to
accept e-mail with a From: line claiming @docomo.ne.jp when delivered to
their Internet-facing MX hosts.

> Sure they do, but Curt is a professional and can read headers,
> so I believe he checked the origin before posting here. Did you,
> Curt?

Yes. To be more clear, it was spam from a docomo address (both envelope
sender and From: line), and it was passed to my mail server from what
appears to be a docomo.ne.jp server (both hostname and in-addr.arpa DNS
records resolve properly).

So yes, it really does look like it was typed in by hand, which strikes
me as rather...taihen. You're not going to be doing really massive spam
runs that way!

The subject matter was an echi web site, of course.

cjs
-- 
Curt Sampson  <cjs_at_cynic.net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC
Received on Fri Jul 11 07:18:13 2003
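
The two checks discussed in this message, sketched in Python as an added example (not code from the post or from DoCoMo): an Internet-facing MX refusing mail that claims its own domain, and the header check of envelope sender, From: line and forward-confirmed reverse DNS of the handing-off host. The domain `carrier.example`, the addresses, the DNS tables and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed DNS data (documentation address ranges) standing in for live lookups.
PTR = {"192.0.2.10": "mail1.carrier.example",
       "198.51.100.7": "host7.isp.example",
       "203.0.113.5": "mail1.carrier.example"}   # PTR that merely claims the carrier's name
A = {"mail1.carrier.example": {"192.0.2.10"},
     "host7.isp.example": {"198.51.100.7"}}

# Constructed message: sender and recipient are the same address.
SELF_ADDRESSED = ("From: user@carrier.example\n"
                  "To: user@carrier.example\n"
                  "Subject: constructed sample\n\nbody\n")

def domain_of(addr):
    """Lower-cased domain of an address, or '' when there is no '@'."""
    _, at, dom = parseaddr(addr)[1].rpartition("@")
    return dom.lower() if at else ""

def in_domain(name, domain):
    """True for the domain itself or any host/subdomain beneath it."""
    return name == domain or name.endswith("." + domain)

def fcrdns_host(ip):
    """PTR name for ip if that name resolves back to ip, else None."""
    host = PTR.get(ip)
    return host if host and ip in A.get(host, set()) else None

def border_mx_accepts(raw, envelope_sender, own_domain):
    """Internet-facing MX policy: outside mail may not claim our own domain."""
    from_hdr = message_from_string(raw).get("From", "")
    claimed = (domain_of(envelope_sender), domain_of(from_hdr))
    return not any(in_domain(d, own_domain) for d in claimed if d)

def origin_consistent(raw, envelope_sender, peer_ip, domain):
    """True when envelope sender, From: and the verified peer host all agree."""
    host = fcrdns_host(peer_ip)
    from_hdr = message_from_string(raw).get("From", "")
    return (host is not None and in_domain(host, domain)
            and in_domain(domain_of(envelope_sender), domain)
            and in_domain(domain_of(from_hdr), domain))
```

A whitelist keyed only on the From: address passes `SELF_ADDRESSED` regardless of where it came from; `origin_consistent` is true only when the handing-off host also verifies as belonging to the claimed domain.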