[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 22/10/06 22:53:09, Colin James wrote:
I am glad I use Linux as for some reason today I have been targeted with lots of viruses through my email. I have no idea why these havestarted coming through as I am very careful where I put my email address. This is one the messages I received with a virus attached.
All may not be as it seems.Even if you were using Windows, this may not have resulted from an attack *on you* - it is more likely that someone is trying to *use* you as a false originator for *their* attacks on others. The net result is that a Windows user in the same situation may well have been perfectly safe from this email. In practice, someone sending falsified email from an address is just as likely to send malware spam TO that address as well.
You cannot stop someone sending email that pretends to come from you - a bug in SMTP that is becoming increasingly problematic.
Someone is sending out malware emails and blaming you. It happens to everyone at one time or another - most of the spam I still receive is failure notices from badly configured relays that blame me for email that someone is sending using a falsified From: address - mine!
The other problem is that this behaviour often gets YOUR email address listed in spamcop databases so that your genuine email gets rejected!
*This* is the principle reason why I sign all my email cryptographically with GnuPG. If you get ANY email from me that is not signed, it has come from someone falsifying the From: address. It doesn't help me, it is intended to help others filter email received from me.
It's coming to the point where I'm considering using a special GnuPG key without a passphrase just to sign automated emails (like the password reminders) too.
At present, email sent from webmaster@xxxxxxxxxxxxx is not signed (although it can be encrypted) and - being a predictable address - is commonly abused as well as receiving vast amounts of spam.
-- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgpIOrW8M4PxP.pgp
Description: PGP signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html