Web Hosting Talk

Is my server allowing relays??


pgowder
08-22-2002, 10:46 AM
Someone just sent me this email they received. It is coming from my email address, but I didn't send it.


webmaster <webmaster@powwows.com>

To :
snappalistic@hotmail.com

Subject :
Of Service

Date :
Wed, 21 Aug 2002 16:01:01 -0400 (EDT)

MIME-Version: 1.0
Received: from [64.12.138.8] by hotmail.com (3.2) with ESMTP id MHotMailBF2D7AB700504136E822400C8A08CB813; Wed, 21 Aug 2002 17:26:45 -0700
Received: from logs-wb.proxy.aol.com (logs-wb.proxy.aol.com [205.188.192.135]) by rly-ip04.mx.aol.com (v87.21) with ESMTP id RELAYIN3-0821160238; Wed, 21 Aug 2002 16:02:38 -0400
Received: from Ceelh (AC872A11.ipt.aol.com [172.135.42.17])by logs-wb.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7LK117302501for <snappalistic@hotmail.com>; Wed, 21 Aug 2002 16:01:01 -0400 (EDT)
From jschnapp@pipeline.com Wed, 21 Aug 2002 17:28:46 -0700
Message-Id: <200208212001.g7LK117302501@logs-wb.proxy.aol.com>
X-Apparently-From: MRPATYK@aol.com


How can I see if this is a relay?

eddy2099
08-22-2002, 11:02 AM
Check the message which was posted a few days ago called 'SMTP Relaying': http://www.webhostingtalk.com/showthread.php?threadid=68439

pgowder
08-22-2002, 11:08 AM
How does that help??

I don't understand that thread.

Pop-before-relay doesn't work well??? Then what is my alternative.

chirpy
08-22-2002, 11:34 AM
Paul,

The mail you have posted came from AOL (64.12.138.8). If it had your email address in the From field, then it's simply been spoofed (anyone can put whatever they like in the From: field), but the email clearly hasn't come from your server. This is a common trick used by spammers so that return-errors go to other people.

If you want to test your server for an open relay, pop along here:

http://www.abuse.net/relay.html

Read it very carefully if you don't go with the anonymous mode so that you don't kick off a false-positive.

chirpy
08-22-2002, 11:35 AM
Incidentally, you should only trust the very last appended (i.e. at the top) Received: line in an email header that you are checking for false routing; all the other instances could be (and in the case of spam, probably are) spoofed.

pgowder
08-22-2002, 02:05 PM
Thanks! I didn't think it was relay. Any way to stop spoofing?

chirpy
08-22-2002, 05:13 PM
Nope, that's why they do it. The only way would be to hide your email address and use form-to-email. Unfortunately, spammers will do anything these days, and impersonating From: addresses is just one of them.

eddy2099
08-22-2002, 07:59 PM
Originally posted by pgowder
How does that help??

I don't understand that thread.

Pop-before-relay doesn't work well??? Then what is my alternative.

No, the Pop-before-SMTP works well. The guy was bored when he said it did not work well, if you read his posting.

To prevent SMTP relay through your server, you need to close all relaying by enabling POP-before-SMTP, removing all entries under 'Relay for following host' and saving. Once you do that, a user can email through your server only if he is authenticated via POP. If he is not, it will be rejected, thus effectively blocking the relay security hole.

Others may be able to 'fake' your email address when sending out mail, but a check of the header would tell you it does not originate from your site.

But from your email, it shows that the mail originates from an AOL account holder and it did not pass through your server SMTP.
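
The header check that chirpy and eddy2099 describe can be scripted. This is an added example, not part of the original thread: it parses the Received: chain of the message quoted in the first post, treats only the topmost hop as trustworthy, and tests whether the host that connected there belongs to your own server. The function names are illustrative and `MY_NETWORKS` is a placeholder, since the thread never gives the server's IP address.

```python
import ipaddress
import re
from email import message_from_string

# Reassembled from the headers quoted in the first post (spacing normalised).
SAMPLE = """\
Received: from [64.12.138.8] by hotmail.com (3.2) with ESMTP id MHotMailBF2D7AB700504136E822400C8A08CB813; Wed, 21 Aug 2002 17:26:45 -0700
Received: from logs-wb.proxy.aol.com (logs-wb.proxy.aol.com [205.188.192.135]) by rly-ip04.mx.aol.com (v87.21) with ESMTP id RELAYIN3-0821160238; Wed, 21 Aug 2002 16:02:38 -0400
Received: from Ceelh (AC872A11.ipt.aol.com [172.135.42.17]) by logs-wb.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7LK117302501 for <snappalistic@hotmail.com>; Wed, 21 Aug 2002 16:01:01 -0400 (EDT)
From: webmaster <webmaster@powwows.com>
To: snappalistic@hotmail.com
Subject: Of Service

(body omitted)
"""

# Placeholder (RFC 5737 documentation range): the thread never states the server's IP.
MY_NETWORKS = ["192.0.2.0/24"]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")


def received_hops(raw):
    """Return Received hops, newest first, as (connecting_ip, stamping_host)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops


def relayed_by(raw, my_networks):
    """True only if the topmost (trusted) hop records one of our IPs connecting."""
    hops = received_hops(raw)
    if not hops or hops[0][0] is None:
        raise ValueError("no usable top Received: header to judge from")
    peer = ipaddress.ip_address(hops[0][0])
    return any(peer in ipaddress.ip_network(net) for net in my_networks)


if __name__ == "__main__":
    for n, (ip, by) in enumerate(received_hops(SAMPLE)):
        trust = "trusted" if n == 0 else "unverified, may be forged"
        print(f"hop {n}: {ip} -> {by} ({trust})")
    print("passed through my server:", relayed_by(SAMPLE, MY_NETWORKS))
```

The top hop is only trustworthy when the message is taken from the recipient's own mailbox, because that line was stamped by the recipient's mail server rather than by the sender.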