Comment on How do email scammers spoof my email?
Ocelot@lemmies.world 1 year ago
When you send an email to a mail server, you can set the “FROM” address to literally anything. The mail server does not care and forwards stuff on. Anyone can run their own mail server anywhere that will dutifully just relay emails, which is what spammers often do. There are entries in DNS called SPF records (Sender Policy Framework) which mailservers use to validate that the FROM address coming from the mail server matches with a list of allowed mail servers' IP address(es). If it doesn’t match it gets sent to spam.
Seigest@lemmy.ca 1 year ago
I see. I think this is that case. It was in the spam folder. So it sounds like the new mail service is doing all it can here.
I’d also gotten a few fake Amazon fliers from like “vapedemon69.com” which somehow didn’t get marked as spam so I’ve been concerned that the junk prevention may really suck. But at least it seems to be marking the spoofed ones as ok.
korthrun@lemmy.sdf.org 1 year ago
Hey all, “that guy” chiming in.
You can set the “FROM” address to any string that meets the specifications of the “Address Specification” of the relevant RFCs (5322/6854 maybe others). Which is SUPER FAR from “literally anything”.
Ocelot@lemmies.world 1 year ago
If you’re running your own domain and mail server with everything validated via SPF and DKIM etc then this layer of spam filtering won’t do anything. Other spam filters like AI-based ones that look at the contents of the message for spammy stuff need to take over after that point.
Fighting spam is a constant cat-and-mouse battle and you’ll never truly get rid of all of it.
rufus@discuss.tchncs.de 1 year ago
And you don’t even need SPF or AI to discard mails coming from the wrong mailserver. If you know the domain, you can do a lookup and see if the connecting mailserver is the one in the MX record. Check PTR records. At least throw away mail that’s coming from some random server and claims to come from your own domain. You should know who is supposed to be a mailserver for your addresses.
Ocelot@lemmies.world 1 year ago
This isn’t really going to be accurate all the time. It is a totally reasonable configuration to use a mailserver not in the MX records. Lots of companies that send automated emails use a service like mailgun or sendgrid as a relay, which isn’t their MX server. It doesn’t come from their company’s mailserver. The only way to validate that is by adding mailgun/sendgrid as an include in the SPF record.
You’ll often miss things like “Your credit card expired” or “please change your password” or even “Here’s your monthly bill from the power company” emails.
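Added example, not part of any comment in this thread: a simplified SPF evaluator (only the `ip4`, `include` and `all` mechanisms) run against constructed DNS data, showing how a third-party relay that is not in the MX records still passes through an `include`, while an MX-only check would drop it. The domains, addresses, and the names `check_spf` and `mx_only_check` are assumptions made up for illustration.

```python
import ipaddress

# Constructed DNS data (documentation-range addresses, example domains).
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.10 include:relay.example.net -all",
    "relay.example.net": "v=spf1 ip4:198.51.100.0/24 -all",
}
MX_IPS = {"example.com": {"192.0.2.10"}}  # the domain's own inbound mail host

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, depth=0):
    """Evaluate a subset of SPF (ip4, include, all) for the connecting IP."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:
        # Simplified guard against include loops; RFC 7208 caps
        # DNS-querying mechanisms at 10 per evaluation.
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term.startswith("include:"):
            # An include matches only when the nested record says "pass".
            if check_spf(term[8:], client_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


def mx_only_check(domain, client_ip):
    """The stricter heuristic: accept only if the sender is an MX host."""
    return client_ip in MX_IPS.get(domain, set())


if __name__ == "__main__":
    for sender in ("192.0.2.10", "198.51.100.25", "203.0.113.7"):
        print(sender, check_spf("example.com", sender),
              mx_only_check("example.com", sender))
```
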
Absolutemehperson@lemmy.world 1 year ago
That’s obviously legit. Didn’t you know it’s illegal to lie on the internet?