I'm pretty sure that in the bad old days, even the headers could not accurately reflect the sender. You could tell what ~server~ the email came from, but the email address depended entirely on the From label that every email client attaches manually, and which isn't necessarily truthful.
I put this in the past tense not because I believe it's no longer true, but because it ~might~ no longer be true. I know a lot of the major domains are adding various headers that purport to guarantee at least that the email came from a subscriber at the originating domain. I don't know how advanced those headers are these days. But until Chris posted the below, I would have said you still can't be sure of the sender's email address by looking at the headers.

The headers that came with Chris' email, by the way, are much longer than I'm used to seeing. Is this normal, these days, or is it a feature of IBM-MAIN? I think what I'm seeing is a series of authentication methods as it's passed from one server to the next along what I think is called the "backbone": ARC, IronPort, and something called TMASE. (I hope this doesn't break the LISTSERV's filters.)

Delivered-To: robhbrid...@gmail.com
Received: by 2002:adf:f447:0:0:0:0:0 with SMTP id f7csp3851648wrp; Mon, 21 Sep 2020 19:18:42 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyZYVYvh3cQWqrXkErWaQ9fj0W+BvZi9Nn3OIAhxJo/3CruwF8hoeAX5Oz2VcYZ5dXeWd3e
X-Received: by 2002:a25:4dc3:: with SMTP id a186mr3921730ybb.250.1600741122602; Mon, 21 Sep 2020 19:18:42 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@UA.EDU header.s=LISTSERV01 header.b=hoKgtLn3; spf=pass (google.com: domain of owner-ibm-m...@listserv.ua.edu designates 130.160.0.25 as permitted sender) smtp.mailfrom=owner-ibm-m...@listserv.ua.edu
Return-Path: <owner-ibm-m...@listserv.ua.edu>
Received: from lsvmail01.ua.edu (lsvmail01.ua.edu. [130.160.0.25]) by mx.google.com with ESMTPS id m18si15161936ybp.129.2020.09.21.19.18.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 21 Sep 2020 19:18:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of owner-ibm-m...@listserv.ua.edu designates 130.160.0.25 as permitted sender) client-ip=130.160.0.25;
Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@UA.EDU header.s=LISTSERV01 header.b=hoKgtLn3; spf=pass (google.com: domain of owner-ibm-m...@listserv.ua.edu designates 130.160.0.25 as permitted sender) smtp.mailfrom=owner-ibm-m...@listserv.ua.edu
Received: from listserv01.ua.edu (listserv01.ua.edu [10.8.81.163]) by lsvmail01.ua.edu (Postfix) with ESMTP id 9EF7C2695E9; Mon, 21 Sep 2020 21:18:24 -0500 (CDT)
Received: from listserv01 (localhost [127.0.0.1]) by listserv01.ua.edu (Postfix) with ESMTP id 3FD8C270077; Mon, 21 Sep 2020 21:18:24 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; d=UA.EDU; s=LISTSERV01; c=relaxed/relaxed; bh=xak+K7z8G4pm5Gldpny1Rz595iMZvkPotRV2fRPSWh4=; i=@LISTSERV.UA.EDU; h=Received-SPF:IronPort-PHdr:References:User-Agent:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Language:Message-ID:Newsgroups:Date:Reply-To:Sender:From:Organization:Subject:To:In-Reply-To:List-Help:List-Unsubscribe:List-Subscribe:List-Owner:List-Archive; b=hoKgtLn3w9W92V9bTKa6UNpuoBFZaitRofoSTpcb5pG+uPHaMDDYxt46yDCJr8Me9e6ms8Y4R46rar4HfwNPpwpnD1Dnb66cHye0twKDs517DlVZ8XKV5WnVD/FFabttLyA53JxrBDRLngQ9zjpwU9rmFtm25ltySVYKYz8yJsA=
Received: by LISTSERV.UA.EDU (LISTSERV-TCP/IP release 16.0) with spool id 29526 for IBM-MAIN@LISTSERV.UA.EDU; Mon, 21 Sep 2020 21:18:24 -0500
Received: from mailapp-atl-2.ua.edu (mailapp-atl-2.ua.edu [130.160.2.39]) by listserv01.ua.edu (Postfix) with ESMTP id 1512D270076 for <ibm-main@listserv.ua.edu>; Mon, 21 Sep 2020 21:18:24 -0500 (CDT)
Received-SPF: None (mailapp-atl-2.ua.edu: no sender authenticity information available from domain of ponce...@logicintegration.com) identity=mailfrom; client-ip=62.128.193.156; receiver=mailapp-atl-2.ua.edu; envelope-from="ponce...@logicintegration.com"; x-sender="ponce...@logicintegration.com"; x-conformance=spf_only
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.77,288,1596517200"; d="scan'208";a="39371487"
X-UA-IP-Dir: i
X-UA-External: other
Received: from mta6.iomartmail.com ([62.128.193.156]) by mailapp-atl-2.ua.edu with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2020 21:18:23 -0500
Received: from vs1.iomartmail.com (vs1.iomartmail.com [10.12.10.121]) by mta6.iomartmail.com (8.14.4/8.14.4) with ESMTP id 08M2ILnW012652 for <IBM-MAIN@LISTSERV.UA.EDU>; Tue, 22 Sep 2020 03:18:21 +0100
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D20C12203B for <IBM-MAIN@LISTSERV.UA.EDU>; Tue, 22 Sep 2020 03:18:20 +0100 (BST)
Received: from asmtp3.iomartmail.com (unknown [10.12.10.224]) by vs1.iomartmail.com (Postfix) with ESMTPS id BCE092203A for <IBM-MAIN@LISTSERV.UA.EDU>; Tue, 22 Sep 2020 03:18:20 +0100 (BST)
Received: from [192.168.1.3] (li18b4b4blu3ltd.plus.com [84.92.86.146]) (authenticated bits=0) by asmtp3.iomartmail.com (8.14.4/8.14.4) with ESMTP id 08M2IFWX028424 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <IBM-MAIN@LISTSERV.UA.EDU>; Tue, 22 Sep 2020 03:18:19 +0100
References: <dm6pr01mb39622e311cb146d8b4cc2e4abf...@dm6pr01mb3962.prod.exchangelabs.com> <00c801d6906b$979827c0$c6c87740$@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
X-Originating-IP: 84.92.86.146
X-Thinkmail-Auth: ponce...@logicintegration.com
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.0.0.1623-8.2.0.1013-25680.004
X-TM-AS-Result: No--22.480-10.0-31-10
X-imss-scan-details: No--22.480-10.0-31-10
X-TMASE-Version: IMSVA-9.0.0.1623-8.2.1013-25680.004
X-TMASE-Result: 10--22.480500-10.000000
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
Message-ID: <63d7551f-6d05-455d-7b68-bd30c1958...@bcs.org.uk>
Newsgroups: bit.listserv.ibm-main
Date: Tue, 22 Sep 2020 03:18:45 +0100
Reply-To: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU>
Sender: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU>
From: CM Poncelet <ponce...@bcs.org.uk>
Organization: L! Logic Integration
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
To: IBM-MAIN@LISTSERV.UA.EDU
In-Reply-To: <00c801d6906b$979827c0$c6c87740$@gmail.com>
Precedence: list
List-Help: <http://listserv.ua.edu/cgi-bin/wa?LIST=IBM-MAIN>, <mailto:lists...@listserv.ua.edu?body=INFO%20IBM-MAIN>
List-Unsubscribe: <mailto:ibm-main-unsubscribe-requ...@listserv.ua.edu>
List-Subscribe: <mailto:ibm-main-subscribe-requ...@listserv.ua.edu>
List-Owner: <mailto:ibm-main-requ...@listserv.ua.edu>
List-Archive: <http://listserv.ua.edu/cgi-bin/wa?LIST=IBM-MAIN>

---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313

/* Marriage is an act of will, divorce an act of won't. -screenwriter Josh Greenfeld */

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of CM Poncelet
Sent: Monday, September 21, 2020 22:19

(a) Begin by assuming that *all* received emails are spam/scam (and define this as the bottom line catch-all message filter) *unless* a higher up message filter recognizes both the sender(s)'s and the 'to' recipient's addresses as valid.
(b) The sender's original email address can be found towards the end in the message headers, as in the "received from ... for ..." message header line.
(c) Spam/scam emails can be sent to https://www.spamcop.net/mcgi?action=loginform for verification, if need be.
The 'trick' to get around spammers/scammers is to use message filters, with the bottom line catch-all filter saying something like "if the subject does not contain <whatever random alphanumeric characters> *and* the sender is not <whatever more random chars>@<whatever else> then save the email in the trash/delete folder" - which then ensures that the email is never saved in the "Inbox" folder.

A more skilful 'trick' is to have many different email IDs and give out a different email ID to every company, individual etc. (and keep a record of which email ID was given to whom) - so that, if a spammer or scammer gets hold of it, it can be deleted and a replacement new email ID can be created ... and then also determine from whom the spammer/scammer harvested the old and now deleted email ID.

That kills off spammers and scammers, because any further emails sent to the old email ID just bounce as "undeliverable" and they cannot guess what the new email ID is. But that requires owning one or more domain names and being able to create/delete email IDs associated with it/them. (I have/use more than 200 email IDs across more than 30 domain names.)

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
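
An added illustration, not part of the original post or of anything the list or the mail providers run: this Python sketch reads the receiver's Authentication-Results and the Received chain from an abridged copy of the headers quoted in the thread, then checks whether any passing SPF/DKIM identity is related to the From domain. The function names, the `trusted` authserv-id default and the subdomain-based alignment shortcut are assumptions; real DMARC alignment uses the Public Suffix List.

```python
import re
from email import message_from_string

# Constructed sample: abridged from the headers quoted in the post (addresses
# elided as on the page, signature blobs and most hops left out).
RAW = """\
Authentication-Results: mx.google.com;
 dkim=pass (test mode) header.i=@UA.EDU header.s=LISTSERV01 header.b=hoKgtLn3;
 spf=pass (google.com: domain of owner-ibm-m...@listserv.ua.edu designates
 130.160.0.25 as permitted sender) smtp.mailfrom=owner-ibm-m...@listserv.ua.edu
Received: from lsvmail01.ua.edu (lsvmail01.ua.edu. [130.160.0.25])
 by mx.google.com with ESMTPS; Mon, 21 Sep 2020 19:18:42 -0700 (PDT)
Received: from [192.168.1.3] (li18b4b4blu3ltd.plus.com [84.92.86.146])
 by asmtp3.iomartmail.com with ESMTP; Tue, 22 Sep 2020 03:18:19 +0100
From: CM Poncelet <ponce...@bcs.org.uk>

(body omitted)
"""

def related(a, b):
    """Approximate relaxed alignment: equal, or one a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def parse_auth_results(value):
    """Map method -> (result, authenticated domain) for one header value."""
    out = {}
    for clause in re.sub(r"\([^)]*\)", "", value).split(";")[1:]:
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        ident = re.search(r"(?:header\.[id]|smtp\.mailfrom)=(\S+)", clause)
        if m and ident:
            out[m.group(1)] = (m.group(2), ident.group(1).rsplit("@", 1)[-1].lower())
    return out

def assess(raw, trusted="mx.google.com"):
    """Report what the receiving server actually vouched for, next to From."""
    msg = message_from_string(raw)
    from_dom = re.search(r"@([\w.-]+)", msg["From"]).group(1).lower()
    results = {}
    for ar in msg.get_all("Authentication-Results", []):
        if ar.split(";")[0].strip() == trusted:  # ignore verdicts from other hosts
            results.update(parse_auth_results(ar))
    hops = [re.search(r"from\s+(\S+).*?\bby\s+(\S+)", r, re.S).groups()
            for r in msg.get_all("Received", [])]  # newest hop first
    vouched = any(res == "pass" and related(dom, from_dom)
                  for res, dom in results.values())
    return {"from": from_dom, "results": results, "hops": hops, "vouched": vouched}

if __name__ == "__main__":
    print(assess(RAW))
```

On this sample both checks pass, but for ua.edu and listserv.ua.edu (the list server), not for the bcs.org.uk address in From, so `vouched` is False. Only the topmost Received line was written by the receiving server; every hop below it is whatever the upstream servers reported.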