66
submitted 1 year ago* (last edited 1 year ago) by Seigest@lemmy.ca to c/nostupidquestions@lemmy.world

I recently switched my mail/domain from Google to name cheap. I've been keeping a critical eye on my junk mail as the spam filtering doesn't seem as good.

I saw neat scam email from my own email adress. It was the usual "I am a hacker give me money" nonsense but the trick with them using my own email adress is pretty neat. I assume they've injected some sort of common replace string?

Just curious if anyone knows the trick here.

Update: followed the advice most of you have provided and spam mail has gone way down as a result. Leaving post here for the next poor sod who runs into these problems. Maybe Google will lead folks here instead of reddit.

Thank you kind strangers.

you are viewing a single comment's thread
view the rest of the comments
[-] Seigest@lemmy.ca 3 points 1 year ago* (last edited 1 year ago)

I see. I think this is that case. It was in the spam folder. So it sounds like the new mail service is doing all it can here.

I'd also gotten a few fake Amazon fliers form like "vape demon69 dot com" which somehow didn't get marked as spam so I've been concerned that the junk prevention may really suck. But at least it seems to be marking the spoofed ones as junk.

[-] korthrun@lemmy.sdf.org 5 points 1 year ago* (last edited 1 year ago)

you can set the “FROM” address to literally anything.

Hey all, "that guy" chiming in.

You can set the "FROM" address to any string that meets the specifications of the "Address Specification" section of the relevant RFCs (5322 and 6854, maybe others). Which is SUPER FAR from "literally anything".

I know this seems like some neck-beard bullshit, but we're here answering the question for someone who clearly has little understanding of email internals. Hyperbole is bad in this context IMO.

[-] Ocelot@lemmies.world 1 points 1 year ago

If you're running your own domain and mail server with everything validated via SPF and DKIM etc then this layer of spam filtering won't do anything. Other spam filters like AI-based ones that look at the contents of message for spammy stuff need to take over after that point.

Fighting spam is constant cat-and-mouse battle and you'll never truly get rid of all of it.

[-] rufus@discuss.tchncs.de 2 points 1 year ago* (last edited 1 year ago)

And you don't even need SPF or AI to discard mails coming from the wrong mailserver. If you know the domain, you can do a lookup and see if the connecting mailserver is the one in the MX record. Check PTR records. At least throw away mail that's coming from some random server and claims to come from your own domain. You should know who is supposed to be a mailserver for your addresses.

[-] Ocelot@lemmies.world 3 points 1 year ago* (last edited 1 year ago)

This isn't really going to be accurate all the time. It is a totally reasonable configuration to use a mailserver not in the MX records. Lots of companies that send automated emails use a service like mailgun or sendgrid as a relay, which isn't their MX server. It doesn't come from their company's mailserver. The only way to validate that is by adding mailgun/sendgrid as an include in the SPF record.

PTR records are very difficult to maintain for any accuracy since lots of companies use cloud providers and don't bring their own IPs.

You'll often miss things like "Your credit card expired" or "please change your password" or even "Here's your monthly bill from the power company" emails.

[-] rufus@discuss.tchncs.de 1 points 1 year ago* (last edited 1 year ago)

I've tried and lots of providers want the PTR. I think Gmail is espectally strict when it comes to antispam, doing the DNS lookups and checking IP ranges. I forgot what gets you into the spam folder and what gets your mail rejected completely. You're right with the MX record though. I think I misremembered whatever I configured in Postfix. SPF is the way for that.

But I just follow suit with the big providers and am very strict with the incoming mail. I need to look it up, but i think i refuse them if the mailserver doesn't have any dns records at all. And if it sends something silly in the HELO. With mailchimp or mailinglists, isn't the way to do it to set mailchimp in the envelope-from and your company into the from header? and then I can check at least that mailchimp this is a proper mailserver? If you don't set it up properly, you kinda deserve your mail getting lost.

But I think now I know where we don't understand each other. I just check if it's a proper mailserver with the first few checks. That gets rid of >>50% of my spam immediately. I don't use that to verify the mailserver is allowed to send mail for that specific domain. That's a job for SPF later. It just needs to have anything. And that's enough to weed out most of the spam, especially from hacked boxes and crude IPs from the far east.

One exception. I have a specific list with servers allowed to send mail from my own domain. This prevents phishing and impersonating people internally. Nobody except me is supposed to configure mailing campaigns or mailing lists anyway. But now that we're speaking of it, I think I should get rid of that extra config and use SPF for that. I configured that years ago, anyways.

[-] Absolutemehperson@lemmy.world 1 points 1 year ago

I’d also gotten a few fake Amazon fliers form like “vape demon69 dot com”

That's obviously legit. Didn't you know it's illegal to lie on the internet?

this post was submitted on 07 Sep 2023
66 points (100.0% liked)

No Stupid Questions

35838 readers
1044 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS