Re: Email Hack: Help.



>1. Is there any authority who we can call about this type of incident?

You can contact CERT but many people's experience of dealing with them
has been somewhat less than enthusiastic. I've had more luck getting 
information out of agencies that exist to keep secrets than out of CERT.
If you check their archives they may have a description of a similar
problem.

>2. What are the methods one uses to fake these FROM fields? And is
>   there a way to prevent it?

Basically the user is taking advantage of a flaw in the SMTP protocol 
and possibly in sendmail. SMTP allows the user to supply the FROM field
in the message and that is entirely separate from the IP address from
which the message arrived.

It's not possible to do much about this. Many sites take advantage of this
feature for legitimate reasons - mainly the irritating habit that many
mailers have of replying to the FROM: field rather than the reply-to field.

>3. What are the limits of prosecution available, is it typical US justice
>   where even if they're caught red handed, nothing is done?

It is likely that they are breaking the law but unlikely that they are doing
so in a way that would in itself cause much interest to be taken. On the other
hand, if they are, as seems likely, pushing a pyramid marketing scheme, that would
appear to me to be a prima-facie case of fraud and the FBI are more likely
to take an interest. 

On the other hand you don't say that it's your server that's being hacked -
if you are just getting junk mail I doubt that you could get much interest 
unless you provided a lot of information documenting your claim.


		Phill
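
An added example, not part of the original post: a Python sketch of how a recipient can observe the separation described in the answer to question 2, by comparing the sender-supplied From: header with the connecting host that the receiving server recorded in the topmost Received: header. The sample message, its hostnames and addresses, and the names `sender_report` and `domain_of` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the original post). Only the host/IP in the
# top Received: line is observed by the receiving server; every address in
# the message is a value the sender chose.
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.25])
\tby mx.example.org with SMTP; Mon, 1 Jan 1996 10:00:00 -0500
From: "Support" <support@bank.example.com>
Reply-To: offers@mailer.example.net
To: user@example.org
Subject: Opportunity

body
"""

# "from <helo> (<rdns> [<ip>])" as many MTAs write it; real formats vary.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([^\]]+)\]\)")

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent/malformed."""
    _, at, dom = parseaddr(header_value or "")[1].rpartition("@")
    return dom.lower() if at else ""

def sender_report(raw):
    """Compare claimed sender domains with the peer our server recorded."""
    msg = message_from_string(raw)
    rep = {"from_domain": domain_of(msg.get("From")),
           "envelope_domain": domain_of(msg.get("Return-Path")),
           "reply_to_domain": domain_of(msg.get("Reply-To")),
           "peer_host": "", "peer_ip": ""}
    received = msg.get_all("Received") or []
    if received:
        # Headers may be folded across lines; collapse whitespace first.
        m = RECEIVED_RE.search(" ".join(received[0].split()))
        if m:
            rep["peer_host"] = (m.group(2) or m.group(1)).lower()
            rep["peer_ip"] = m.group(3)
    fd, host = rep["from_domain"], rep["peer_host"]
    rep["from_matches_peer"] = bool(fd) and (host == fd or host.endswith("." + fd))
    rep["from_matches_envelope"] = bool(fd) and fd == rep["envelope_domain"]
    return rep

if __name__ == "__main__":
    for key, value in sender_report(SAMPLE).items():
        print(f"{key:22} {value}")
```

A mismatch is a signal to look closer, not proof of forgery, since, as the post notes, many sites set a different From: for legitimate reasons. Received: lines below the one added by your own server can be written by the sender and should not be trusted.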

