  • #2072736

    Blind forwards on E-Mail accounts

    Locked

    by network_ops ·

    With some mail servers, it is possible to place a .fwd file in a user's mailbox on the server that will blind forward any incoming mail to a given account. So, the e-mail path looks something like this:

    SMTP Server -> Recipient's Mail Server -> USERX (blind) and USER-INTENDED (as usual)

    Thus, someone's incoming mail can be read without their knowledge. However, I know that it is possible for the intended recipient to analyze mail in such a way that they can tell if it's being intercepted upstream.

    Does anyone know how this is done, and if so, what are some good tools/procedures for analysis?

    Thanks

All Comments

    • #3783292

      Blind forwards on E-Mail accounts

      by mckaytech ·

      In reply to Blind forwards on E-Mail accounts

      There are several tools out there that work in different ways. One tool used for corporate e-mail monitoring makes a copy of any message passing through and archives it on a separate server and, as far as I know, it leaves no evidence in the header or body of the message. As professional spammers know, it's just too easy to spoof a header to cover up tracks. I'm sure that a computer forensics expert could offer an opinion on whether a particular message has been intercepted or read, but I'm also doubtful that you'll find the methods shared on this forum.

      I think the only way to assure the safety of your e-mail is by encrypting it and thereby making diversion or interception irrelevant.

      paul

    • #3783246

      Blind forwards on E-Mail accounts

      by steve cody ·

      In reply to Blind forwards on E-Mail accounts

      If the SMTP server is Sendmail and is on Linux, you can edit the /etc/aliases file and create an entry that will forward to the original user, and any additional users that you want. I have my email system set up this way for my account. For example, the entry in /etc/aliases for me is like this:

      steve: steve, [email protected]

      This takes all mail coming to [email protected] and keeps it in my local account, and also forwards it to the other address.

      – Steve
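An administrator can audit for the arrangement described in this reply by scanning the aliases file for entries that keep local delivery and also copy mail to another target. The Python sketch below is an added example, not part of the original thread; it goes slightly beyond the case in the post by also flagging aliases that deliver to a file or a program. The sample entries, the `LOCAL_DOMAINS` set and all function names are constructed for illustration.

```python
# Constructed sample in sendmail aliases format; names and domains are made up.
SAMPLE_ALIASES = """\
# system aliases
postmaster: root
steve: steve, copy@mail.example.net
alice: \\alice,
    bob
archive: /var/mail/archive
hook: "|/usr/local/bin/filter"
"""
LOCAL_DOMAINS = {"example.com"}  # assumption: domains this server delivers locally

def parse_aliases(text):
    """Return {alias: [targets]}, handling comments and continuation lines."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:      # indented line continues the entry
            body = raw
        else:
            current, _, body = raw.partition(":")
            current = current.strip().lower()
            entries[current] = []
        entries[current] += [t.strip().strip('"') for t in body.split(",") if t.strip()]
    return entries

def classify(target):
    """Label one delivery target: program, file, external or local."""
    if target.startswith("|"):
        return "program"
    if target.startswith(("/", ":include:")):
        return "file"
    domain = target.rpartition("@")[2].lower() if "@" in target else ""
    return "external" if domain and domain not in LOCAL_DOMAINS else "local"

def find_silent_copies(entries):
    """Flag aliases that copy mail beyond the owner, or send it off-box."""
    findings = []
    for alias, targets in entries.items():
        keeps_self = any(t.lstrip("\\").lower() == alias for t in targets)
        extras = [t for t in targets if t.lstrip("\\").lower() != alias]
        risky = [t for t in extras if classify(t) != "local"]
        if keeps_self and extras:            # owner still gets mail, so nothing looks wrong
            findings.append((alias, "copy", extras))
        elif risky:                          # mail leaves the local user space entirely
            findings.append((alias, "redirect", risky))
    return findings
```

Run `find_silent_copies(parse_aliases(open("/etc/aliases").read()))` on the mail host and review each finding against what the mailbox owner has agreed to.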
