SPAM IS OFTEN SENT BY UNAUTHORIZED SENDER E-MAIL ADDRESSES

I don't know about you, but I easily receive tens of spam e-mails every week. When you look at spam, you observe a very common pattern: the e-mail sender address is often unrelated to the actual topic of the spam; sometimes it is even your own e-mail address! You obviously did not spam yourself, so you might be wondering how spammers achieve this.

The answer to that question can be found in the source of the e-mail messages. Here is the e-mail exchange from one recent spam I received; I hid the e-mail address with ___ but the rest is untouched:

Received: from in58.mail.ovh.net (unknown [10.101.4.58])
    by vr51.mail.ovh.net (Postfix) with ESMTP id 470qHC5h11zgBR0c
    for <___@alishomepage.com>; Sat, 26 Oct 2019 18:28:23 +0000 (UTC)
Received-SPF: None (mailfrom) identity=mailfrom; client-ip=190.7.141.90; helo=dinamic-cable-190-7-141-90.epm.net.co;
envelope-from=___@epm.net.co; receiver=<UNKNOWN>
Authentication-Results: in58.mail.ovh.net; dkim=none; dkim-atps=neutral
Received: from dinamic-Cable-190-7-141-90.epm.net.co (unknown [190.7.141.90])
    by in58.mail.ovh.net (Postfix) with ESMTP id 470qHB2sLwzRhjKB
    for <___@alishomepage.com>; Sat, 26 Oct 2019 18:28:21 +0000 (UTC)
Received: from [100.49.1.57] by mmx09.tilkbans.com with NNFMP; Sat, 26 Oct 2019 07:26:32 -1000
Received: from mx03.listsystemsf.net ([Sat, 26 Oct 2019 07:18:52 -1000])
    by webmail.halftomorrow.com with SMTP; Sat, 26 Oct 2019 07:18:52 -1000
Received: from unknown (HELO mx03.listsystemsf.net) (Sat, 26 Oct 2019 07:11:36 -1000)
    by mxs.perenter.com with ASMTP; Sat, 26 Oct 2019 07:11:36 -1000
Received: from nntp.pinxodet.net ([Sat, 26 Oct 2019 06:51:54 -1000])
    by mxs.perenter.com with SMTP; Sat, 26 Oct 2019 06:51:54 -1000
Received: from [121.199.80.44] by mail.naihautsui.co.kr with ESMTP; Sat, 26 Oct 2019 06:41:30 -1000
Date: Sat, 26 Oct 2019 06:29:53 -1000
Reply-To: "Aitana" <___@alishomepage.com>
From: "Aitana" <___@alishomepage.com>


Here's what these headers say: the e-mail was supposedly sent by ___@alishomepage.com. The e-mail server for @alishomepage.com addresses is hosted by OVH (a Web site hosting provider), yet the e-mail originated from a completely unrelated e-mail server: mail.naihautsui.co.kr.

HOW COME A "RANDOM" COMPUTER COULD SEND AN E-MAIL AS ME?

The protocols supporting the Internet all share the same characteristic: there is close to no hierarchy between the devices on the Internet. In other words, "any" device can provide or consume "any" service. That means you don't need anything special to run an e-mail server: any computer, even a smartphone, can behave like an e-mail sending server as long as it is connected to the Internet.

THE SOLUTION: BRING AUTHORITY

Luckily, some of the protocols on the Internet have been revised to introduce some control. For e-mail, this is provided by the Sender Policy Framework (SPF), which is simply a protocol where you can specify which e-mail servers are allowed to send e-mails from your domain name. To specify this, you add a TXT DNS entry on the root of your domain name containing the SPF details. For example, here is the SPF definition for alishomepage.com: v=spf1 include:mx.ovh.com ~all