Re: [ATM] Off Topic, Spam or Virus warning
fhh@npgcable.com wrote:
> David Davis wrote:
>
> I received a second email, this one allegedly from the USNO folks. I have
> been out there before and downloaded one of the smaller databases. This
> message came from something like acc-creation at usno.gov which seemed odd to
> me. It seemed odd to my spam filter too as it held the message in
> quarantine.
>
> David,
>
> You and your spam filter did right.
>
> Definitely NOT from USNO folks. My day job is at USNO
> Flagstaff Station (and I don't email this list from
> there). ALL of any official link or address from USNO
> MUST end with .mil given this is the "Naval" Observatory.
> I know of no connections to USNO ending with .gov or
> any non-.mil suffix.

There is a reasonably accurate way to check suspicious emails. The
machine that sends the message to whatever machine is the first in your
local email system has to give its correct IP address as part of the
transaction. The SMTP experts say it is very difficult to spoof that IP
address, so much so, that they consider it practically impossible. Most
email handling programs record that IP address as part of a Received
header. It will be the header that says Received: from (possibly insert
name of sending machine here)(HELO possible name of sending machine) (IP
address of sending machine) by (name of machine at your end of the email
chain).

There usually are multiple Received lines. Read them from top down.
The last one that has a name of a machine on your end of the system is
the one you want. (By your end of the system, I mean, your employer if
they provide their own email system, your ISP, your email forwarding
service, etc. The key is the word your: this should be somebody you
know is part of your normal email receiving scheme.) The IP address
before the word "by" on that Received line is the one to check. Most
of the time, it should belong to someone on the sender's end of things.
Now, there are cases where that IP address could theoretically be just
about any machine on the internet (the system was designed that way) but
most of the time, it will be a machine associated with the sender. So,
you go to www.dnsstuff.com and type that IP address into their IPWhois
lookup box. The resulting information ought to bear some relationship
to the domain the sender claims to be from. (There are exceptions, such
as a company that contracts with a third company to send out messages
for them.) But a lot of obvious forgeries can be caught this way.
Somebody that claims to be sending from usno.mil for example should not
have an IP address that translates to somewhere in China, or to a
private ISP in Michigan, etc.
>
> This list, and ATM resources, have been helpful to us
> on the job. PLOP let us properly tune the astatic
> axial primary mirror supports of the 40-inch, Ritchey's
> last scope.
I will have to forward this message to David Lewis. He wrote Plop. I
am sure he will be tickled pink to know he helped with a well known
Ritchey scope.
> I hope our databases are helpful in return.
>
> Cheers,
>
> Fred Harris
> _______________________________________________
> ATM mailing list http://www.atmlist.net/
>
>
Mark Holm
mdholm@telerama.com
_______________________________________________
ATM mailing list http://www.atmlist.net/
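
The header walk described in the reply above can be scripted. The following is an added example, not part of the original post: it reads the Received headers top down and returns the IP address recorded by the last machine that belongs to your own mail system. The function names, the sample message and the myisp.example domain are assumptions made up for illustration, and only bracketed or parenthesized IPv4 addresses are recognized.

```python
import email
import ipaddress
import re

# Constructed sample: all hosts and addresses are made up (documentation
# ranges). "myisp.example" plays the role of your own mail provider.
SAMPLE = """\
Received: from mx.myisp.example (mx.myisp.example [10.0.0.5])
\tby mailstore.myisp.example with ESMTP; Mon, 1 Jan 2007 10:00:02 -0500
Received: from mail.claimed.example (HELO mail.claimed.example) (203.0.113.45)
\tby mx.myisp.example with SMTP; Mon, 1 Jan 2007 10:00:01 -0500
Received: from pc (unknown [198.51.100.7])
\tby relay.elsewhere.example with ESMTP; Mon, 1 Jan 2007 09:59:58 -0500
From: someone@claimed.example
Subject: constructed test message

body
"""

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
BRACKETED_IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def is_mine(host, my_domains):
    """True if host equals, or is a subdomain of, one of my_domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in my_domains)

def handoff_ip(raw_message, my_domains):
    """Return (receiving_host, sender_ip) for the last Received header, reading
    top down, that was written by a host in my_domains; None if there is none."""
    msg = email.message_from_string(raw_message)
    found = None
    for header in msg.get_all("Received", []):
        flat = " ".join(header.split())          # unfold continuation lines
        by = BY_HOST.search(flat)
        if not by or not is_mine(by.group(1), my_domains):
            break   # headers from here down were written by machines not yours
        ip = None
        for candidate in BRACKETED_IPV4.findall(flat[:by.start()]):
            try:
                ip = str(ipaddress.ip_address(candidate))   # rejects 999.1.1.1
            except ValueError:
                pass
        found = (by.group(1).lower(), ip)
    return found

if __name__ == "__main__":
    print(handoff_ip(SAMPLE, ["myisp.example"]))
```

The address it returns is the one to look up in a whois service and compare against the domain the sender claims.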