
False whitelisting by forging Return-Path



Recently I've been seeing multiple gif type spam in my inbox because it is "whitelisted", though the "From" address isn't on my whitelist. The header shows my cessmail address as the Return-Path which apparently gets it auto-whitelisted as if I sent the message to myself. I don't know enough about the header to understand how "return-path" gets to be different from the "From" entry, but this seems to be a very simple way to force whitelisting on this system.

http://www.spamcop.net/sc?id=z1153258077z9...ea1e8461a09da1z


... The header shows my cessmail address as the Return-Path which apparently gets it auto-whitelisted as if I sent the message to myself. I don't know enough about the header to understand how "return-path" gets to be different from the "From" entry, but this seems to be a very simple way to force whitelisting on this system...
Most have no need to whitelist themselves. If that is true for you and you have access to the whitelist (not knowing your setup, the SC email system), try removing your address from your whitelist. Virtually anything in the headers can be forged (except the last IP address on handover); faking the return path is very, very common. Your address there is simply because some spammer picked it off his list.

The alternative is just to ride it out (until another return address has its run) - and of course report the things.


Thanks, I did find my address in my whitelist and deleted it - don't remember ever putting it there.

In these cases the spammer is specifically inserting the "To" address into the return-path. I'm not seeing bounce-backs where my address is being used for a whole batch of spam and it seems to me it is a tactic to invoke whitelisting. Is there a distinction between "return-path" and "from"? - Is there any legitimate reason for there being different values for these?


Is there any legitimate reason for there being different values for these?

I often send email for work from my home account and want all returns sent to my work address. That is one reason. I generally mention this in the message, however.

Mailing lists are another reason where the sender may be the individual user but the return address would be the submit address.

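Added example, not part of any post in this thread and not SpamCop's own filtering code: a Python sketch of the whitelist behaviour discussed above, showing why a whitelist containing the mailbox owner's own address is satisfied by a forged Return-Path, and a stricter check that ignores that entry. All addresses, sample messages and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

OWNER = "me@mailbox.example"                     # constructed mailbox owner
WHITELIST = {OWNER, "friend@partner.example"}    # owner's own address is the weak entry

# Constructed sample messages (not taken from the thread).
SPAM = """\
Return-Path: <me@mailbox.example>
From: "Cheap Stocks" <promo@bulk-sender.example>
To: me@mailbox.example
Subject: picture inside

(gif)
"""
LIST_MAIL = """\
Return-Path: <list-bounces@lists.example>
From: friend@partner.example
To: me@mailbox.example
Subject: [list] minutes

hello
"""

def addr(msg, header):
    """Lower-cased bare address from a header, or '' if the header is absent."""
    return parseaddr(msg.get(header, ""))[1].lower()

def naive_whitelisted(raw, whitelist):
    """Weak rule: a whitelist hit on Return-Path OR From passes the message."""
    msg = message_from_string(raw)
    return addr(msg, "Return-Path") in whitelist or addr(msg, "From") in whitelist

def forged_self_return_path(raw, owner):
    """Flag: Return-Path is the recipient's own address but From is someone else."""
    msg = message_from_string(raw)
    return addr(msg, "Return-Path") == owner and addr(msg, "From") != owner

def hardened_whitelisted(raw, whitelist, owner):
    """Stricter rule: the owner's own address never satisfies the whitelist.
    From and Return-Path remain forgeable; this only closes the self-address shortcut."""
    msg = message_from_string(raw)
    trusted = {a.lower() for a in whitelist} - {owner}
    hit = addr(msg, "Return-Path") in trusted or addr(msg, "From") in trusted
    return hit and not forged_self_return_path(raw, owner)
```

The mailing-list sample passes the stricter check even though its Return-Path and From differ, so a mismatch between the two headers is not by itself a spam signal.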
