Fake "Bill Gates" Message Dupes Top Tools
yahoi writes with this excerpt from Dark Reading that might raise sysadmins' eyebrows about email security, in particular given the big names involved: "A researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from 'Bill Gates' is about to reveal the email products and services that failed to filter the spoofed message — and that list includes Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort. ... The experiment was aimed at measuring the effectiveness of email security controls in several major products and services. And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it, security experts say."
Re:so? (Score:3, Interesting)
The issue isn't who (near as I can tell) as much as it is the commonality of e-mail originating from servers not identified in the e-mail.
Blocking mail like that was a topic of discussion in the 90's but by that time the number of mail servers that no longer resolved to the domains they serviced was large enough that it was useless anymore.
I may not have all my facts straight, but that's my understanding.
Re:so? (Score:3, Interesting)
It wasn't the name he expected to be filtered, but the fact that the email was spoofed, i.e. it appeared to come from a different server than it actually came from.
Re:Checking Actual Email Address with Displayed? (Score:5, Interesting)
Well here's why that's tough. You can't check the email address it comes from typically because that would mean using the VRFY command, which no modern email server has enabled because it would allow spammers to simply poll an SMTP server for addresses and see if they are legit. They simply disable it or send all true responses.
The next check is DNS, verifying a mail record exists for the domain in question. Here's the problem with that. DNS can be messed up and mail will still function. Say you have a hosted domain but it lacks an MX record. Mail will still go out. So the server on the other end needs to make a choice. Throw it away or pass it through.
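Added example, not part of the thread: a header-only check a receiving filter can run without VRFY or DNS, comparing the displayed From domain with the envelope sender (Return-Path), the Reply-To and the relay host recorded by the receiving server. The sample message, its domains and the function names are constructed for illustration; as the comments above point out, legitimate mail often fails such comparisons, so the results are signals to score rather than grounds to reject.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not the one used in the experiment).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mail.example.net (mail.example.net [192.0.2.25])
\tby mx.corp.example with ESMTP; Mon, 1 Mar 2010 10:00:00 +0000
From: "Bill Gates" <invitations@social.example>
Reply-To: someone@example.org
To: user@corp.example
Subject: Invitation to connect

Hello
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(a, b):
    """Crude match: equal, or one is a subdomain of the other.
    Assumption: no public-suffix list is consulted."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoof_indicators(raw):
    """Return a list of mismatch flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    flags = []
    # Return-Path is written by the receiving server from SMTP MAIL FROM.
    env_dom = domain_of(msg["Return-Path"])
    if env_dom and not same_org(from_dom, env_dom):
        flags.append("envelope-sender-mismatch")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and not same_org(from_dom, reply_dom):
        flags.append("reply-to-mismatch")
    # The topmost Received header is the one our own server added, so the
    # host named in it is the only hop we can trust.
    m = re.match(r"from\s+(\S+)", msg.get("Received", ""))
    if m and not same_org(m.group(1).lower(), from_dom):
        flags.append("relay-host-mismatch")
    return flags

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE))
```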
Re:Research no, risky possibly? (Score:3, Interesting)
Actually I think this might just be against the law and the researcher may have painted a big bullseye on his wallet for any one of these people who think they've been 'harmed' by believing they were actually invited by Bill Gates.
There are a lot of stupid internet laws out there and I'm sure the prosecutors/"victims" like nothing more than someone who provides all the evidence in a nice research report ready for prosecution.
Re:Pretty much anything from linkedin is spam. (Score:2, Interesting)
LinkedIn instantly went into my mail server's blacklist. They're just fucking spammers.
Don't be silly. It looks like a sort of bug in LinkedIn - they apparently do not remove pending requests from the user's queue even if the request sender was reported by that user as a spammer. Simple as that.