[LINK] Question re spoofing with bad reply address

Karl Auer kauer at biplane.com.au
Wed Jul 9 16:35:37 AEST 2014


On Wed, 2014-07-09 at 16:04 +1000, Jan Whitaker wrote:
> I've had two email returned advisories where my address has been 
> spoofed (see below).
> I can't figure out the motivation for this. There was an embedded 
> link in the message (no I didn't click on it), but the whole email 
> aspect is fake.
> What is the payoff to the sender?

WRT the actual email body, if you click on the embedded link the
destination address of the email is flagged as working and accepting
email, and the recipient is identified as an idiot, so definitely
someone to keep spamming, and definitely an address to keep using as a
fake sender.

At the website itself, any of three things may happen:
 - the site fools you into leaving valuable data behind
 - the site exploits your browser to drop malware on you
 - the site sells you something

If you are asking why the sender address used was yours, it is for
several reasons: Spammers like to use real sender addresses, because
they are less likely to be identified as spammy senders. Also, the
backscatter (such as the bounces you received, or the ire of the
recipient) goes to someone else; the spammer isn't interested in seeing
backscatter. And by distributing the backscatter the spammer obfuscates
his/her location (otherwise the stream of backscatter returning to a
single sender would help identify the spammer). And finally, most
bounces include the original message, so the spammer gets two for the
price of one - a shot at the original recipient, and a shot at the
recipient of the bounce message.

It's because spammers now routinely use other people's addresses as the
sending addresses that getting mad at the apparent sender is pointless.
The apparent sender is almost certainly not the actual sender.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
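
The point above that most bounces include the original message gives the spoofed party a way to confirm a bounce is backscatter. The following is an added example, not part of the original post: it pulls the embedded original out of a bounce and checks which IP handed it to the bouncing server. The names `OUR_OUTBOUND_IPS` and `classify_bounce`, the addresses and the sample bounce are all constructed, and it assumes the bouncing server is the one that accepted the message directly.

```python
import email
import re
from email import policy

OUR_OUTBOUND_IPS = {"192.0.2.25"}  # assumption: IPs your real mail servers send from

# Constructed sample bounce; the embedded original arrived from 203.0.113.77.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: user@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown: nobody@recipient.example
--b1
Content-Type: message/rfc822

Received: from pc ([203.0.113.77])
 by mx.recipient.example; Wed, 9 Jul 2014 05:58:01 +0000
From: user@example.org
To: nobody@recipient.example
Message-ID: <abc123@pc>

Click here: http://link.invalid/
--b1--
"""

def embedded_original(bounce):
    """Return the original message carried inside a bounce, or None."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def classify_bounce(raw, our_ips=OUR_OUTBOUND_IPS):
    """Return 'ours', 'backscatter', or 'unknown' (no original or no usable hop)."""
    original = embedded_original(email.message_from_string(raw, policy=policy.default))
    if original is None:
        return "unknown"
    hops = original.get_all("Received", [])
    # The topmost Received line was added by the server that bounced the mail,
    # so it is the one hop in the embedded copy that the spammer did not write.
    match = re.search(r"\[(?:IPv6:)?([0-9a-fA-F.:]+)\]", str(hops[0])) if hops else None
    if match is None:
        return "unknown"
    return "ours" if match.group(1) in our_ips else "backscatter"
```

Bounces that carry only a text summary, with no embedded original, come back as `unknown` and need a manual look.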
