mshalperin Posted December 3, 2006 Posted December 3, 2006 Recently I've been seeing multiple gif type spam in my inbox because it is "whitelisted", though the "From" address isn't on my whitelist. The header shows my cessmail address as the Return-Path which apparently gets it auto-whitelisted as if I sent the message to myself. I don't know enough about the header to understand how "return-path" gets to be different from the "From" entry, but this seems to be a very simple way to force whitelisting on this system http://www.spamcop.net/sc?id=z1153258077z9...ea1e8461a09da1z
Farelf Posted December 3, 2006 Posted December 3, 2006 ... The header shows my cessmail address as the Return-Path which apparently gets it auto-whitelisted as if I sent the message to myself. I don't know enough about the header to understand how "return-path" gets to be different from the "From" entry, but this seems to be a very simple way to force whitelisting on this system...Most have no need to whitlelist themselves. If that is true for you and you have access to the whitelist (not knowing your setup, the SC email system), try removing your address from your whitelist. Virtually anything in the headers can be forged (except the last IP address on handover), faking the return path is very, very common. Your address there is simply because some spammer picked it off his list. The alternative is just to ride it out (until another reurn address has its run) - and of course report the things.
mshalperin Posted December 3, 2006 Author Posted December 3, 2006 Thanks, I did find my address in my whitelist and deleted it - don't remember ever putting it there. In these cases the spammer is specifically inserting the "To" address into the return-path. I'm not seeing bounce-backs where my address is being used for a whole batch of spam and it seems to me it is a tactic to invoke whitelisting. Is there a distinction between "return-path" and "from"? - Is there any legitimate reason for there being different values for these?
StevenUnderwood Posted December 3, 2006 Posted December 3, 2006 Is there any legitimate reason for there being different values for these? I often send email for work from my home account and want all returns sent to my work address. That is one reason. I generally mention this is the message however. Mailing lists are another reason where the sender may be the individual user but the return address would be the submit address.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.