15 Oct 2019, 07:19 PM   #10
JeremyNicoll
FM's reply:

We are aware of the potential for spoofing or rewriting
of headers, and this is a limitation of email itself and
not specific to Fastmail! Anybody can send emails using
any Fastmail address. This is similar to someone going
around sending postcards or snail mail to people but
forging your postal address. The postal department will
deliver the cards, but they really can't stop someone
from doing this. We are in a similar situation here.

To address any instances of abuse we maintain the
monitored address abuse@fastmail.com. We take any
reports of phishing, spam or fraud very seriously.

If a message is sent from the Fastmail SMTP servers, the
full headers of a message will evidence the original
sender in the form of an encrypted header, X-ME-Sender.

This is a header which we can use to find the sending
account for any email sent by a user; this is used when
handling spam and email abuse. As this header is
encrypted it is not possible for third parties to use
this to find a sending account.

Please let me know if you have any additional questions.


My view: the encrypted header is good news, but of course the recipient of such a mail will not realise that the only way to find out who really sent the mail is to ask FM. And if they're not an FM customer the chances are they won't do that. I still don't see why they can't block misuse by one FM customer of another FM customer's address.