On Thu, 19 Mar 2020 22:35:50 +1300, mark lewis wrote:
> Re: Re: Regexes and C
> By: Alister to Martin Gregorie on Thu Mar 19 2020 22:25:52
>
>
> > & why would you expect bogus messages to be using an invalid sender
> > address (quite frankly given the difficulty in validating an email
> > address actually generating an invalid one must be almost as
> > difficult) sanitise the data you are actually processing.
>
> i suspect the OP is attempting to mitigate command injections similar to
> those spoken of in this article...
>
> https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html
>
Exactly so. It's not common, but it can also be used to inject a poison
pill into the recipient's system.

It's well-known that the From: header is not used at all to transfer mail
from sender to receiver - returned bounces are sent to the Reply-To
address. The only defined use of From: is to be displayed by the
receiving mail reader (MUA). Any other use is entirely up to the
recipient and their system.

A common use for the From: header is in mail archives, which typically
index emails by sender, recipient, subject and date, but the wise
archivist knows that the From: header can be, and frequently is, a pack
of lies.

Take a careful look at the next piece of spam you receive that's
apparently from a friend. Many MUAs default to showing just the from text
rather than both text and internet mail address. If yours is one of
those, reconfigure it to show both. This gives you the ability to recognise
spam without opening it.

Then use your MUA to look at all the headers and you'll see that spammers
are often both lazy and stupid: they often change the sender text to
spoof the victim but From: and Reply-To: both contain their real
address - unless, that is, the message was sent from a compromised
system, in which case a common pattern is: From text is your friend's
name, From address is the spammer's address and Reply-To is the address
of the compromised system.
--
Martin | martin at
Gregorie | gregorie dot org
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
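
The header pattern described in the post above, checked in code as an added example that is not part of the original thread: it shows the sender as both text and address, and flags a From text that does not match the address on file or a Reply-To in a different domain. The address book `KNOWN_CONTACTS`, the sample message and all names and domains in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: the From text names a friend, the From address and
# Reply-To belong to other parties (every name and domain here is made up).
SAMPLE = """\
From: "Alice Friend" <bulk@sender.example>
Reply-To: webmaster@hacked-host.example
To: you@home.example
Subject: look at this

hi
"""

# Hypothetical address book: display name (lower-cased) -> address on file.
KNOWN_CONTACTS = {"alice friend": "alice@friend.example"}


def check_sender(raw, contacts=KNOWN_CONTACTS):
    """Return a list of findings about the From: and Reply-To: headers."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    # From text matches a known contact, but the address is not theirs.
    expected = contacts.get(name.strip().lower())
    if expected and expected != addr:
        findings.append("display-name-mismatch")
    # From text that is itself an address masks the real one in MUAs
    # that show only the text part.
    if "@" in name and parseaddr(name)[1].lower() != addr:
        findings.append("address-in-display-name")
    # Replies would go to a different domain than the stated sender.
    from_domain = addr.rpartition("@")[2]
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        if reply and reply.lower().rpartition("@")[2] != from_domain:
            findings.append("reply-to-domain-differs")
            break
    return findings


def display(raw):
    """Render the sender as 'text <address>' so both parts are visible."""
    name, addr = parseaddr(message_from_string(raw).get("From", ""))
    return f"{name} <{addr}>" if name else addr
```

A finding is a reason to look at the full headers, not proof of spam: mailing lists and helpdesk systems legitimately set a Reply-To in another domain.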