[Dshield] Weird from address

Tom dshield at oitc.com
Sun Oct 16 18:22:46 GMT 2005


What you see on your router/gateway/firewall is the response from 
SMTP "MAIL FROM" command (eg the real RFC-2821 envelope) The From you 
see in the mail is just cosmetic as far as SMTP handshaking is 
concerned.

Tom

At 11:31 AM +0400 10/16/05, Emmanuel Steve Dulvin wrote:
>Hi Guys,
>I received something weird this morning if you see below the from
>address in this mail shows as jblue at getresponse.com but when I checked
>on my gateway I see From:
>bounce-514542-steve.d=adcb.com at citius.getresponse.com  does anybody know
>on why this happened I mean even if it is spoofed the spoofed e-mail id
>should be shown on the mail. Let me know if any of you know anything
>about it.......
>
>From: jblue at getresponse.com [mailto:jblue at getresponse.com] On Behalf Of
>Johnny Blue
>Sent: Sunday, October 16, 2005 5:28 AM
>To: Steve
>Subject: Re: your free chapter of The Blue Riders' Club - Entire book
>now available in e-book
>
>Regards,
>Steve
>
>
>
>The information transmitted and available in this message is intended
>only for the person or entity to which it is addressed and may contain
>confidential and/or privileged information/material.
>Any review, retransmission, dissemination or other unauthorized use of,
>or taking of any action in reliance upon this information by persons or
>entities other than the intended recipient are strictly prohibited
>and unlawful. If you have received this in error, please delete the
>message and/or material immediately and contact ADCB as below for
>appropriate action.
>
>
>Abu-Dhabi Commercial Bank, P.O.Box, 2800 Abu Dhabi, UAE Email:
>helpdesk at adcb.com Tel: +971-2-6771666 Fax: +971-2-6772573"
>
>_________________________________________
>Using .Net? Need to know more about .Net Security?
>http://isc.sans.org/banner_count.php?dest=dotnet
>
>_______________________________________________
>send all posts to list at lists.dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list


-- 

Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
http://www.oitc.com/Antarctica/

PGP Public Keys available at:
<A HREF="ldap://keyserver.pgp.com/">PGP's Key Server</A>
<A HREF="http://www.oitc.com/OITC/PGPKeys.html">OITC's Public Key List</A>
14A7 A308 266A 3646 FBA8  9A86 E139 F108 B1BE 37BD


More information about the list mailing list