Hello, On Sat, 21 Mar 2009, Parthan SR wrote: > Am afraid what the social networking sites do is use the email id of the > member, who has compromised his email account's address book, to send > the emails rather using an email id containing it's domain.
There are two types of "from" headers in a mail --- the envelope "From " header and the "From:" header. The first header is the one seen by the mail server. The second one is seen by your mail reading/writing software. (As far as the mail server is concerned it is part of the content of the mail). With most sites adopting SPF records[*], the faking of the first header is generally avoided by most mail servers. However, I haven't checked what these social networking sites do. The faking of the second is almost legitimate since almost no one bothers to digitally sign e-mail anyway. :-( On Sat, 21 Mar 2009, Arun Khan wrote: > In this particular case, the From header showed '"Lakshmi M" > <nore...@ci.faniq.com>' I have found this to be the case in most of > the invites from such sites and hence I have posed the question. So this at least _can_ be filtered. So can most sites that conform with SPF (or reverse MX records). Regards, Kapil. [*] SPF records means that a domain (say imsc.res.in) provides (via DNS) a list of hosts (say math.tifr.res.in, mail.imsc.res.in) which are authorized to send mail with an envelope "From " address like "u...@imsc.res.in". Any mail receiving server which received mail with such a "From " address from any *other* server can legitimately reject it. (Or even if they don't reject it they can use it to increase the spam score). -- _______________________________________________ To unsubscribe, email ilugc-requ...@ae.iitm.ac.in with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
