2007-04-21

In Other News

I finally got some spam this morning, after about a year and a half of using the excellent qconfirm package to initiate challenge-response authentication for incoming messages. (This simply insists that if I don't know you, I'm not going to read your mail until you can prove that I can send mail back to you. Not surprisingly, there isn't anybody listening at "twfneg@isssecurity.com".)

So to my surprise, this morning I had quite a few messages in my inbox. I don't know what they're for (I have HTML syntax turned off in Thunderbird by default, don'tchaknow), but the fact they're there was disconcerting enough.

After a little bit of checking, it turns out these new messages have bypassed the challenge-response system by setting the envelope sender to be my own address.

Clever little monkeys.

All it takes to eliminate this kind of problem is a few lines in my ~/.mailfilter script:

# stop forged mail from me to me
if (("my@ad.dre.ss" eq $FROM) && \
    (!(/^From:.*my@ad\.dre\.ss/:h)))
{
  to "./Maildir/.Spam/"
}

to "./Maildir/"

Now, there's yet another way around this: if they set the envelope sender to be the same as the "From: " address. Don't remind me.
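
The same test re-expressed in Python and run over three constructed deliveries, as an added example that is not part of the original post; it shows which forgery the rule catches and the one it still lets through. `classify`, `build` and the sample messages are hypothetical names and data, and the address is the post's placeholder.

```python
import re
from email import message_from_string

MY_ADDRESS = "my@ad.dre.ss"  # the post's placeholder address

# Header test from the filter; maildrop patterns ignore case unless :D is set.
FROM_IS_ME = re.compile(re.escape(MY_ADDRESS), re.IGNORECASE)


def classify(envelope_sender, raw_message):
    """Mirror the filter: return "spam" or "inbox" for one delivery."""
    msg = message_from_string(raw_message)
    header_is_me = any(FROM_IS_ME.search(v) for v in msg.get_all("From", []))
    if envelope_sender == MY_ADDRESS and not header_is_me:
        return "spam"   # envelope claims to be me, From: header says otherwise
    return "inbox"      # everything else falls through to ./Maildir/


def build(from_header):
    """Constructed sample message with the given From: header."""
    return f"From: {from_header}\nTo: {MY_ADDRESS}\nSubject: hello\n\nbody\n"


# Constructed deliveries: (envelope sender, message).
SAMPLES = {
    "forged envelope only": (MY_ADDRESS, build('"Offers" <promo@example.com>')),
    "genuine note to self": (MY_ADDRESS, build(f"Me <{MY_ADDRESS}>")),
    "forged envelope and From:": (MY_ADDRESS, build(f'"Offers" <{MY_ADDRESS}>')),
}


def run_samples():
    return {name: classify(env, raw) for name, (env, raw) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:5}  {name}")
```

The second and third samples are identical in the two fields the rule inspects, which is why the remaining bypass cannot be closed by comparing envelope sender and From: header alone.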
