[SpamCop-List] Re: Domain Name Hijacked to Send Spam
Mike Easter
MikeE at ster.invalid
Sun Apr 30 07:45:37 EDT 2006
D-W-S wrote:
> Ant
>> < George/Glowingdome cite >
>>> It seems my domain name has been hijacked and used to send mass
>>> spams. I am getting message undeliverable emails constantly.
George is using the term 'hijacked' improperly here. He seems to be
saying that the spams are being sent 'From' him, i.e. his domainname as a
source.
>> You mean it's being used as a false "From:"? If so, I'm also getting
>> a lot. It's called backscatter.
Ant is clarifying to George that nothing is being sent 'from' as in
sourced at, the domainname, but instead it is simply a matter of the
domainname being used in the forged From. Ant goes on to expand without
fully explaining the sequence that the result of the forged From is that
a receiving server which accepts those spams for delivery and then
belatedly bounces them causes an effect called 'backscatter' which is
the abusive newmails addressed to the forged Froms.
> No it isn't, it's a simple forgery.
"No it isn't" in this context is incorrect. Both Ant and D-W-S are
saying the same thing IMO. Ant is using the term backscatter for the
same resultant effect which D-W-S is describing in more detail below.
Unless perhaps 'No it isn't' is actually being addressed at George as to
say "No, your domain name isn't being hijacked -- it is simply being
used in the forgery of the From." In which case D-W-S should have
positioned the context of his 'no it isn't' under the uncited George's
remark instead of under Ant's remark.
> Backscatter is when an MX accepts the spam or virus with a forged
> sender address, realizes it can't deliver the message after the fact,
> and then packages the mail in a DSN and sends it off to the purported
> original sender.
Correct. That's what it looked to me that Ant was saying. Why did you
say 'No it isn't'? To George or to Ant?
Defining each term and not using terms like 'From' or 'hijacking'
loosely or ambiguously is often necessary.
One use of the concept 'domain hijacking' is described here, and the
guide or tutorial employs the ruse of 'faking out' internic with a
forged From. http://www.securiteam.com/securitynews/5AP0D000KM.html
Domain Hijacking: A step-by-step guide
--
Mike Easter
kibitzer, not SC admin
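The accept-then-bounce sequence D-W-S describes, as an added toy model (not code from the list or from any mail software): a receiving MX that says 250 OK to every recipient and only later discovers the mailbox is unknown sends a DSN to the forged MAIL FROM, while an MX that checks the recipient during the SMTP session rejects with 550 and never has anything to bounce. The mailbox set, domain names and message counts are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed data: the mailboxes this receiving MX can actually deliver to.
LOCAL_MAILBOXES = {"alice@example.net"}


@dataclass
class Message:
    envelope_from: str   # SMTP MAIL FROM; the spammer forges it
    rcpt_to: str         # SMTP RCPT TO
    subject: str


@dataclass
class ReceivingMX:
    reject_at_rcpt: bool          # True = verify recipient before saying 250 OK
    inbox: list = field(default_factory=list)
    dsn_outbox: list = field(default_factory=list)  # bounces this MX will send

    def receive(self, msg: Message) -> str:
        """Return the SMTP reply given to the sending MTA."""
        deliverable = msg.rcpt_to in LOCAL_MAILBOXES
        if self.reject_at_rcpt and not deliverable:
            # In-session rejection: the sending MTA owns the failure, nothing
            # is queued, so no DSN can ever be sent to the forged MAIL FROM.
            return "550 5.1.1 User unknown"
        if deliverable:
            self.inbox.append(msg)
        else:
            # Accept-then-bounce: the message was taken on with 250 OK, the
            # unknown recipient is discovered later, and a DSN goes to the
            # purported sender, i.e. the forged address. That is backscatter.
            self.dsn_outbox.append(Message("<>", msg.envelope_from,
                                           "Undelivered Mail Returned to Sender"))
        return "250 OK"


def spam_burst(forged_domain: str, n: int) -> list:
    """Constructed spam run: every message forges MAIL FROM at forged_domain."""
    return [Message(f"user{i}@{forged_domain}", f"nobody{i}@example.net", "buy now")
            for i in range(n)] + [Message(f"user0@{forged_domain}", "alice@example.net", "buy now")]


def backscatter_to(forged_domain: str, reject_at_rcpt: bool, n: int = 3) -> int:
    """Count DSNs that would land on the innocent forged domain."""
    mx = ReceivingMX(reject_at_rcpt=reject_at_rcpt)
    for msg in spam_burst(forged_domain, n):
        mx.receive(msg)
    return sum(1 for d in mx.dsn_outbox if d.rcpt_to.endswith("@" + forged_domain))


if __name__ == "__main__":
    print("accept-then-bounce:", backscatter_to("victim.example", False))  # 3
    print("reject at RCPT TO: ", backscatter_to("victim.example", True))   # 0
```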