OT: Is there possible juicy news????

Submitted by UMichMSW07 on
"@mgoblog: Does anyone know if it's possible to confirm the authenticity of an email with a third party source if you have all the header info?" Keep us posted Brian. Here's hoping Harbaugh is jockeying for the HC job! A boy can dream.

NYWolverine

October 23rd, 2014 at 11:35 AM ^

I'm assuming the cake recipient was a pastry chef for many years; and his job was to spell-check all the frosting before the cakes left the bakery. On his last day, the bakery threw him a party to celebrate his years of service.

But when he received this cake, it was bitterweet.

Sure, on the one hand it exulted the significance of his career to the bakery and its staff. Look at the size of that star! So big, yellow, and bright. The bakery did not chince on the frosting there. 

But on the other hand, this retiring baker probably thought to himself...

..."I've made no difference in the lives of these people. On this day of celebration, they affirmatively tell me - THEY PROCLAIM TO ME - IN QUOTES - that they cannot spell success...without me!

Sure, I could split hairs and try to make myself feel better. 'Well, all they've really said is that they can't 'spell S-CCES with out U'. Which is true, right?? And 'U' doesn't necessarily imply 'ME', does it??  

But given the circumstances - this is a celebration of my retirement, and all - it makes me so conflicted in my vanity. 

Oh woe! And how can I feel any vanity at all, with this presentment cake of my greatest failure! The omission of that last requisite 'S'...it is like a dagger to my heart!  These people, my former staff all those years - they can't even spell 'WITHOUT' without me! How am I to go on, my career summed up in this cake?! That insufferable space between WITH and OUT; it is like a purgatory. I feel trapped in it.

I could have taught them to spell for themselves. I could have been a torch of knowledge at the Hapy Celebrashuns Bakry. I could have touched these people. But I did not. And why not? Self importance?!

How could I have been so conceited?

I could have bought a simple dictionary for the bakery. I could have taught my fellow bakers to use it. We could have all been proficient spellers! 

No, I am no success. I do not deserve this party. I do not deserve any accolades at all.

I deserve this cake, exactly as it is." 

Tony Soprano

October 23rd, 2014 at 8:19 AM ^

Security measures have been implemented by corporations and such to prevent spoofing of their email domains - DMARC.   If a company/university/organization has the proper security tools in place, it won't be possible to spoof their email addresses.  In this day and age, any decent company is going to have a security measure in place to prevent it and they do. 

It's why I said in an previous post that you can tell a phishing email from a legitimate one - instead of getting an email from [email protected], it might show as coming from [email protected] instead.  At first glance, it might look legit, but if you compare it to the actual legit emails you get from Chase, you'll see the difference in the extension and delete the message. 

phork

October 23rd, 2014 at 8:28 AM ^

The problem lies with poorly configured email servers or in some cases email servers with the intent to cause problems.  The fact is that while it is getting harder to do, its still doable and rather easily.

bronxblue

October 23rd, 2014 at 8:58 AM ^

That's true in theory, but it also requires the administration to set up proper rules for handling potentially false messages and to maintain a proper list of mail servers and domains.  I read somewhere that Facebook had issues with spoofing at some point due to incorrectly configured/improper failover for DMARC (they let stuff through and flagged it instead of quarantining, if memory servces me right), so it can happen anywhere.  It really does depend on the mail server Brian received it from as well as the sender.

I agree it seems unlikely given the measures in place generally, but it isn't 100% and I suspect Brian is particularly sensitive to validating messages given how much of a "target" he would be for spreading disinformation.

pescadero

October 23rd, 2014 at 8:16 AM ^

Depends on how good you want the fake header to be.

 

It's EASY to make one look to a novice or cursory glance like it came from somewhere else. It's hard (depending on how the incoming server deals with header information) to truly obliterate any detectable trace of where it really came from.

 

...and there are millions upon millions of folks who can do the former, and a not insignificant number who can do the latter... and the first one isn't illegal.

JHendo

October 23rd, 2014 at 11:25 AM ^

Haha, are you kidding me?  Spoofing is incredibly easy to accomplish, and no it's not illegal at all.  It's actually a very common practice for perfectly respectable and non-malicious purposes.  Case in point, say you intiating an email to someone else or yourself from a website (non-webmail).  It some situations, it will want to send that email as you, but isn't going to bother searching for or having you insert the smtp server info of your email provider.  So, it's going to send it from it's own server smtp protocols while just spoofing it to show that was sent from you, when that's clearly not the case.  Additionally, I could go into my outlook right now and specify in there to say to show the from and return email address of anything I send as mgoblog @ gmail.com.  There's not a damn thing that could stop me besides the recipients SPF records and my conscience.  Since most people don't know what internet headers of an email are, let alone how to effectively read them, spoofing can often go unnoticed if it's not obviously illegitimate.

Now, since spoofing does come along with people using it with bad intentions, it's a common practice to add SPF records to your domain to prevent emails coming through or going out from IP addresses that are different the what the reverse dns states that it should be coming from.  Also, large mail providers such as Yahoo and AOL (lol) have started to implement similarly policies to prevent spoofing, but that doesn't mean all spoofing is bad.

Morale of the story, spoofing is perfectly legal and extremely easy, and unfortunately is often used for the wrong reasons.  Somehow tricking the internet headers of an email to effectively and convincingly show information that is inaccurate is extremely difficult if not near impossible.

Source - Former tech for a large domain registrar and hosting/email provider, current lead tech for web related services for a software division of a very large company.

WineAndSpirits

October 23rd, 2014 at 8:31 AM ^

not necessarily true. my boss got a facebook note from someone pretending to be her Aunt. Same name, links, etc. When she started asking questions, it became obvious that it wasn't her aunt, and immediately the person closed shop and all links became generic. I'm not saying this is the case here, just pointing out the sophistication that's out there.



Sent from MGoBlog HD for iPhone & iPad

aplatypus

October 23rd, 2014 at 9:30 AM ^

spoofing the full headers is tougher, but the email address and domain like you're saying are suuuuuuper easy to spoof by anyone. You can't tell me you've never gotten a spam email from your own email address because that's one of the most common tactics. Mail servers and spam filters look at a whole lot more than just the email address, but that part is cake.

 

I can send an email to you from [email protected] right now with no issues, you'll probably never get it because you're behind a mail server that will see, "hey this email says mgoblog.com but it's DNS doesn't match what  mgoblog.com is supposed to be" and rejects it. 

Tony Soprano

October 23rd, 2014 at 7:44 AM ^

Since you have a Twitter account, tell him that whatever comes after the "@" (e.g, Brian @MgoGoBlog in the email address is legitimate -  you can't send it from an email account that you don't have access to, as it would never go through.    

Often times we get phishing emails that look like they're coming from a legitimate source, but if you pay attention to what comes after the "@" in the email address, it will give it away.  For example, you get an email that says it's from Chase Customer Care, but if you look at the email address extension it might say sonya@givemeyomoney.com. 

Moe Greene

October 23rd, 2014 at 7:59 AM ^

So potentially spoofed emails, and we still haven't gotten to Fun with Flight Tracker yet?

I'm not sure my liquor cabinet is fully prepared for these searches.

I'm certain my liver isn't ready....