Sunday, February 26, 2012

Flaw in Yahoo Mail allows spam messages to stay at the top of Inbox

It's Sunday afternoon and imagine my surprise when I see an email sent from Monday. First, neutrinos time travel and now email!

Turns out Yahoo Mail blindly trusts the Date header in the message and uses it to sort and present the email. So as long as it's Monday in any part of the world (i.e. across the international date line), an email can be sent with that date in the header and is accepted as valid. This means that a spam message can be sent to the other side of the international date line with 11:59 PM in the Date header, and the email will stay on top of the inbox for up to 24 hours (if you were just on the other side of the date line).

Note that the actual email could be sent from anywhere. This particular email was sent from Massachusetts.

Note the Received-SPF header. An SPF pass is a great way to get past spam controls, since Yahoo (and many other mail providers) trust that such a header is an automatic guarantee of legitimate email. This, of course, is nonsense: SPF only confirms that the sending IP is one the domain's owner has listed, not that the owner is legitimate. A spammer can register a domain and add the IP addresses of the nodes he controls as designated senders, and until the domain is banned, he can bypass spam filtering easily.

Return-Path: <>
Received-SPF: pass (domain of designates as permitted sender)

Message-Id: <>
Reply-To: <>
From: =?ISO-8859-1?Q? <>
Subject: =?ISO-8859-1?Q?Photos of Black Singles in DALLAS=A0 =A0=A0=A0=A0=A0  =A0?=
Date: Mon, 27 Feb 2012 11:31:05 GMT
List-Unsubscribe: <
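
A mail store can avoid the sorting problem described above by falling back to its own receive time whenever the sender-supplied Date header is missing or lies in the future. The sketch below is an added example, not code from the original post or from Yahoo; the function names, the 10-minute skew tolerance, the arrival times and the second message are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

MAX_FUTURE_SKEW = timedelta(minutes=10)  # assumed tolerance for clock drift

def claimed_date(raw):
    """Sender-supplied Date header as aware UTC, or None if absent/invalid."""
    value = message_from_string(raw).get("Date")
    try:
        dt = parsedate_to_datetime(value)
    except (TypeError, ValueError):      # missing or unparsable header
        return None
    if dt.tzinfo is None:                # "-0000" zone parses as naive
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def display_time(raw, arrival_utc):
    """Return (sort timestamp, flagged). Date is capped at the receive time."""
    claimed = claimed_date(raw)
    if claimed is None or claimed > arrival_utc + MAX_FUTURE_SKEW:
        return arrival_utc, True         # do not let the sender pick the slot
    return claimed, False

def sort_inbox(messages):
    """messages: (raw, arrival_utc) pairs; newest first by display_time."""
    return sorted(messages, key=lambda m: display_time(*m)[0], reverse=True)

# Constructed sample data. Only the Date value of SPAM is taken from the post.
SPAM = "Date: Mon, 27 Feb 2012 11:31:05 GMT\nSubject: constructed spam\n\nbody\n"
LEGIT = "Date: Sun, 26 Feb 2012 19:30:00 GMT\nSubject: constructed mail\n\nbody\n"
SPAM_ARRIVAL = datetime(2012, 2, 26, 19, 0, 0, tzinfo=timezone.utc)
LEGIT_ARRIVAL = datetime(2012, 2, 26, 19, 30, 5, tzinfo=timezone.utc)
INBOX = [(SPAM, SPAM_ARRIVAL), (LEGIT, LEGIT_ARRIVAL)]

if __name__ == "__main__":
    for raw, arrival in sort_inbox(INBOX):
        shown, flagged = display_time(raw, arrival)
        subject = message_from_string(raw)["Subject"]
        print(shown.isoformat(), "FUTURE-DATED" if flagged else "ok", subject)
```

The flag returned alongside the timestamp can also feed the spam score, since a Date well ahead of the receive time is rarely produced by honest clock drift.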

