Re: Blogware spoofing FROM addresses

From: Chris Scott (chris@hostorlando.com)
Date: Fri Jun 11 2004 - 11:03:35 EDT


Dave Warren wrote:

> </rant>
> I set up a blogware trial, decided to give a few of the features a trial
> run.
>
> One of the features is an email interface -- I should be able to submit
> messages via email, and get updates for other people's blogs via email
> too. Great, I have users who might really use this because they hate
> web interfaces nearly as much as I do.
>
> I could even put up a system status page, hosted off-network (in case
> EVERYTHING is down on my side) and tie it to my email notification
> system. Not impossible to do otherwise, but since a trial account of
> $0.50/weblog/month is more than enough, why the heck not?
>
> I left the confirmation on initially just to see what happens and
> emailed a post to my blog. I waited and waited and waited for the
> confirmation, nothing. Weird... Check the mail server, no backlog.
> Happen to look at my incoming spam folder, and what do you know,
> blogware is forging a domain it does not own or host and has never been
> authorized to send from, and as a result my mail server flagged it as spam.
>
> Well isn't that fancy. In today's world even big slow moving behind the
> times .COMs like eBay are in the process of fixing their systems so that
> they don't forge sender email addresses, so I find it rather astounding
> that OpenSRS found a developer clueless enough to create a system that
> forges sender information.
> </rant>
>
> I'm sorry if this seems offensive, but frankly, somebody needs a smack
> upside the head.
>

With impending spam solutions like SPF, or whatever they are calling it
now, this will become more of a problem. What about something like
having them come from [blogware username or some sort of
hash/GUID]@blogware.com? Add an option the blog owner could set to
allow replies to that address to be forwarded to the email address for
[blogware username] or to send them to /dev/null. Maybe an additional
option to allow the reply-to header to be set to something of the blog
owner's choosing also? Just thinking out loud, here.

-- 
Chris Scott
Adaptive Hosting Solutions, Inc.
(formerly Host Orlando, Inc)
http://www.adaptivehostingsolutions.com/
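
An added sketch of the addressing scheme proposed in the reply above (not part of the original message and not Blogware's code): mail goes out from an opaque per-user address in the service's own domain, with an optional owner-chosen Reply-To, and replies to that address are forwarded or discarded per user. The secret, the `u-` prefix, the function names and the sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
from email.message import EmailMessage

SERVICE_DOMAIN = "blogware.com"       # domain named in the post
SECRET = b"constructed-demo-secret"   # assumption: key held only by the service


def sender_token(username: str) -> str:
    """Opaque, stable local part derived from the blog username."""
    mac = hmac.new(SECRET, username.encode(), hashlib.sha256)
    return "u-" + mac.hexdigest()[:20]


def build_notification(username, recipient, subject, body, reply_to=None):
    """Build a message whose From is in the service's own domain."""
    # Reject CR/LF so an owner-supplied Reply-To cannot inject headers.
    if reply_to is not None and any(c in reply_to for c in "\r\n"):
        raise ValueError("reply_to must not contain CR or LF")
    msg = EmailMessage()
    msg["From"] = f"{sender_token(username)}@{SERVICE_DOMAIN}"
    msg["To"] = recipient
    msg["Subject"] = subject
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content(body)
    return msg


def route_reply(rcpt_address, accounts):
    """Decide what to do with mail sent back to a token address.

    accounts maps username -> {"email": str, "forward_replies": bool}.
    Returns the forwarding address, or None to discard (/dev/null).
    """
    local, _, domain = rcpt_address.partition("@")
    if domain.lower() != SERVICE_DOMAIN:
        return None
    for username, prefs in accounts.items():
        expected = sender_token(username).encode()
        if hmac.compare_digest(local.encode(), expected):
            return prefs["email"] if prefs["forward_replies"] else None
    return None  # unknown token: discard
```

For SPF to pass, the envelope sender used at SMTP time would also need to be in the service's domain; this sketch only builds the message headers.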


