Spam and ISPs

on 28.06.2007 16:41:37 by OL

Dear Group,

I have made an interesting observation and would appreciate your
comments.

I receive spam e-mail which is NOT addressed to me. The first three
letters in the e-mail address of the spam are identical to the first three
letters of my regular e-mail address, the remainder is not.

Example: my real address might be: abcd....@, but the address under
which the spam is delivered might be abcxy....@

I have tried to mail to abcxy....@ and the mail does not reach me, nor
is a message about undeliverability returned to me.

I find this curious.
1.) How is it that an ISP will allow mail under an address
which is not mine to pass?
2.) Why is it that I can't send and receive mail using this address?
3.) Why is it that no "undeliverable" message is returned?

Thank you for any explanations.
GR.

Re: Spam and ISPs

on 28.06.2007 17:15:44 by Sebastian Gottschalk

NoSpam wrote:

> 1.) How is it that an ISP will allow mail under an address
> which is not mine to pass?


Carbon-Copy or Blind-Carbon-Copy?

> 2.) Why is it that I can't send and receive mail using this address?


Because it's not yours?

> 3.) Why is it that no "undeliverable" message is returned?


Because you receive the mail?

Re: Spam and ISPs

on 28.06.2007 17:21:04 by Ansgar -59cobalt- Wiechers

NoSpam wrote:
> I have made an interesting observation and would appreciate your
> comments.
>
> I receive spam e-mail which is NOT addressed to me. The first three
> letters in the e-mail address of the spam are identical to the first
> three letters of my regular e-mail address, the remainder is not.
>
> Example: my real address might be: abcd....@, but the address under
> which the spam is delivered might be abcxy....@
>
> I have tried to mail to abcxy....@ and the mail does not reach me, nor
> is a message about undeliverability returned to me.
>
> I find this curious.
> 1.) How is it that an ISP will allow mail under an address
> which is not mine to pass?
> 2.) Why is it that I can't send and receive mail using this address?
> 3.) Why is it that no "undeliverable" message is returned?

The spam mail wasn't sent to the mail address in the To: header. That
has to do with how e-mail works. I'll demonstrate by manually sending an
e-mail to myself:

cobalt@chrome:~ $ telnet mail.planetcobalt.net 25
Trying 217.10.9.49...
Connected to mail.planetcobalt.net.
Escape character is '^]'.
220 mail.planetcobalt.net ESMTP Postfix
HELO planetcobalt.net
250 mail.planetcobalt.net
MAIL FROM: abc@planetcobalt.net
250 2.1.0 Ok
RCPT TO: usenet-2007@planetcobalt.net
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: george@whitehouse.gov
To: cobalt@example.com
Subject: example

Example
.
250 2.0.0 Ok: queued as 6C7403C00084
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
cobalt@chrome:~ $ _

The above SMTP chat results in the following mail in my inbox:

----8<----
From abc@planetcobalt.net Thu Jun 28 17:01:20 2007
Return-Path: abc@planetcobalt.net
X-Original-To: usenet-2007@planetcobalt.net
Delivered-To: usenet-2007@planetcobalt.net
Received: from planetcobalt.net (xyz.example.net [A.B.C.D])
by mail.planetcobalt.net (Postfix) with SMTP id 6C7403C00084
for ; Thu, 28 Jun 2007 16:59:49 +0200 (CEST)
From: george@whitehouse.gov
To: cobalt@example.com
Subject: example
Message-Id: <20070628150012.6C7403C00084@mail.planetcobalt.net>
Date: Thu, 28 Jun 2007 16:59:49 +0200 (CEST)

Example
---->8----

As you can see the From: and To: headers just show arbitrary addresses I
entered there (cobalt@example.com isn't even valid as per RFC 2606). The
real address the mail was sent to is usenet-2007@planetcobalt.net, which
you can see in the X-Original-To: and Delivered-To: headers that were
added by my mail server.

Anyway, this topic is by no means security-related. The appropriate
group for this kind of question would be news.admin.net-abuse.mail
(where this question might be an FAQ).

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
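
The envelope/header split demonstrated in the post above can be checked on a delivered message. The following Python sketch is an added example, not part of the original thread: it compares the recipient recorded by the receiving server (the X-Original-To: and Delivered-To: headers that Postfix added in the post) and the Return-Path: with the To:/Cc: and From: headers supplied by the sender. The function names and the sample message, which is modelled on the one in the post, are assumptions; other mail servers may record the envelope recipient in different headers.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample, modelled on the message shown in the post
# (Received: header left out).
SAMPLE = """\
Return-Path: abc@planetcobalt.net
X-Original-To: usenet-2007@planetcobalt.net
Delivered-To: usenet-2007@planetcobalt.net
From: george@whitehouse.gov
To: cobalt@example.com
Subject: example

Example
"""


def _addrs(msg, *names):
    """Lower-cased addresses found in the named headers, in order."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return [a.lower() for _, a in getaddresses(values) if a]


def compare_envelope(raw):
    """Compare server-recorded envelope data with sender-supplied headers."""
    msg = message_from_string(raw)
    # Written by the receiving MTA from RCPT TO: / MAIL FROM:
    envelope_to = _addrs(msg, "X-Original-To", "Delivered-To")
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Written by the sender inside DATA; arbitrary text
    header_rcpts = _addrs(msg, "To", "Cc")
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "envelope_to": sorted(set(envelope_to)),
        "header_rcpts": header_rcpts,
        # True when the real recipient appears in neither To: nor Cc:
        "recipient_not_in_headers": bool(envelope_to)
        and not set(envelope_to) & set(header_rcpts),
        "envelope_from": envelope_from,
        "header_from": header_from,
        "sender_mismatch": bool(envelope_from) and envelope_from != header_from,
    }


if __name__ == "__main__":
    for key, value in compare_envelope(SAMPLE).items():
        print(f"{key}: {value}")
```

A mismatch on its own is not proof of spam: mailing lists and Bcc: deliveries produce the same pattern, so treat the result as one signal among several.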