Craig Andera's blog.
After ordering a computer from Alvio, I got an email virus that looks like it came from them. Herein lies documentation of my attempts to communicate with them about it.
This is a pretty well known virus that has been doing the rounds.

What the guy from Alvio has totally failed to get is that the way the virus works is that it selects *pairs* of email addresses from the victim's address book. It uses one as the "To:" address, but uses the other to form a spoofed "From:" address. The fact that this was completely and obviously what happened, given that Craig used a one-time-email-address here is undeniable, but there's more.

Craig was kind enough to send me the original SMTP headers for this email. They started:

    Received: from 18.104.22.168 ([22.214.171.124]) for <email@example.com> with MailEnable Catch-All Filter; Mon, 07 Jul 2003 12:39:47 -0400
    Received: from NICK ([126.96.36.199]) by candera.sytes.net with MailEnable ESMTP; Mon, 07 Jul 2003 12:39:46 -0400
    From: <firstname.lastname@example.org>
    To: <email@example.com>
    Subject: Re: Application
    Date: Mon, 7 Jul 2003 0:25:02 --0400
    Importance: Normal
    To:
    Subject: Re: Application

As Igor says, the email appears to be from firstname.lastname@example.org. However, note that it was delivered from a machine whose IP address is 188.8.131.52.

If we look up Alvio's MX records in DNS, we find this:

    alvio.com MX preference = 0, mail exchanger = mail.alvio.com
    mail.alvio.com internet address = 184.108.40.206

Lo and behold, if the email wasn't sent from Alvio's mail server...

So Igor's looking pretty foolish right now.
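The header check walked through in the comment above, as an added example that is not part of the original post or its comments: it takes the Received line stamped by the recipient's own server, pulls out the connecting IP, and compares it with the addresses known for the From: domain's mail servers. The message, domains, IPs (documentation ranges) and function names are constructed, and the known-address table stands in for a DNS lookup so the code runs offline.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: placeholder domains, documentation-range IPs.
RAW = """\
Received: from 198.51.100.7 ([198.51.100.7]) for <me@recipient.example>
 with Example Catch-All Filter; Mon, 07 Jul 2003 12:39:47 -0400
Received: from NICK ([203.0.113.45]) by mx.recipient.example
 with ESMTP; Mon, 07 Jul 2003 12:39:46 -0400
From: <sales@vendor.example>
To: <me@recipient.example>
Subject: Re: Application

body
"""

# "from <HELO name> ([<connecting IP>]) by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.I)

def delivering_hop(msg, our_mta):
    """Return (helo, ip) from the Received line written by our own MTA.
    Only that line is trustworthy; earlier ones are sender-controlled."""
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m and m.group(3).lower() == our_mta.lower():
            return m.group(1), m.group(2)
    return None

def check_origin(raw, our_mta, known_mail_ips):
    """Compare the connecting IP with the From: domain's known mail hosts."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = delivering_hop(msg, our_mta)
    if hop is None:
        return {"from_domain": domain, "verdict": "no-trusted-hop"}
    helo, ip = hop
    ips = known_mail_ips.get(domain, set())
    verdict = "matches-domain-mail-server" if ip in ips else "unrelated-relay"
    return {"from_domain": domain, "helo": helo, "relay_ip": ip, "verdict": verdict}

if __name__ == "__main__":
    # Constructed stand-in for the MX/A lookup of the From: domain.
    print(check_origin(RAW, "mx.recipient.example", {"vendor.example": {"192.0.2.25"}}))
```

MX records name a domain's inbound servers, which can differ from the hosts it sends from, so an "unrelated-relay" verdict is a lead to follow up rather than proof of spoofing on its own.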
Schneier had an interesting take (from the other side) of unique email addresses and spammers. Seems like it'd be better to use very long, random names for unique email addys: http://www.counterpane.com/crypto-gram-0305.html
Yep, I read that. I can't say that in this case the benefit outweighs the cost.