[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology
Return Catalog Bottom Refresh
Thread archived.
You cannot reply anymore.
[Advertise on 4chan]
[Return] [Catalog] [Bottom]
Anonymous Archived
 No.108649581
File: 1746978528350111.png (11 KB, 519x76)
11 KB PNG
No.108649581 Archived
So how exactly do spam emails even work? I've seen garbage sent from actually legit sender addresses (not emails that looked legit using cyrillic symbols), emails from myself to myself, and random addresses to random addresses where I wasn't even CC or BBC'ed on. Only Gmail's spam filters seem to work decently, but even other major hosts like Outlook shit the bed when dealing with spam/junk emails.
>>
Anonymous
 No.108649827
No.108649827
Email headers are neither encrypted nor validated. In fact email is actually less secure than modern phone networks. Literally the only thing holding it together is the fact that only about 7 entities in the world operate meaningfully large servers and cooperate with blacklists and heuristics. But as you've seen it's been getting less reliable recently.
>>
Anonymous
 No.108650528
No.108650528
>>108649827
Then why do scammers still use cyrillic symbols to fake addresses, or "rn" to look like "m"? If it was that easy to fake headers then couldn't any email look like it came from support@google.com or ranjeet@microsoft.com?
>>
Anonymous
 No.108650620
No.108650620
>>108650528
>If it was that easy to fake headers then couldn't any email look like it came from
they can? you never heard of spoofing?
>>
Anonymous
 No.108651804
No.108651804
>>108650528
credibility with the ability to reply. if the goal is to click a link they can just use any spoofed address, but even then they may want a more legit looking domain than some long ass AWS one.
>>
Anonymous
 No.108651819
No.108651819
>>108651804
I don't think the ability to reply is a factor here. You can simply set the reply-to field to whatever you want for that.
>>
runit !!ZhJvoeHNOOB
 No.108651828
No.108651828
>>108649827
just use pgp
>>
Anonymous
 No.108651895
No.108651895
>>108650528
To circumvent the spam filter.
The gmail spam filter knows that server(s) "support@google.com" is supposed to come from so if some rando in India is using "support@google.com" it's an obvious scam.

Setting the "from" field really is as easy as setting the "to", "cc" and "bcc" fields.
And this has its use cases because companies often want to put "noreply@..." or "info@..." instead of the employee who happened to send the mail.
And the server companies use to send emails from is often not the same server they use to receive emails on, they might not even be in the same country.
>>
Anonymous
 No.108651933
No.108651933
>>108649827
>Email headers are neither encrypted nor validated.
The server IP address of the sender can at least be validated by adding an SPF record to the DNS.
It's not strictly mandatory but if you don't have a correct SPF record pointing to the IP address of the server you send emails from your emails are far more likely to be marked as spam.

It's not much but you can at least prove you own the domain name you use in the "from" field.
[Return] [Catalog] [Top]
Post a Reply
Return Catalog Top Refresh
[Advertise on 4chan]
Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.