Spam Resource: Forged FBI spam and Formmail Exploits

Al Iverson just issued a new brilliant story on Spam Resource:

Back in November, Spamhaus reported on how somebody managed to send a bunch of forged email through real FBI email servers. Brian Krebs broke down how it happened: The email registration process involves sending out a one-time use token sent by the web server in question, but the subject line and body content could be set in the HTML form, meaning anybody with even the tiniest bit of webform and HTML knowledge could edit things up to send emails wherever they want, saying whatever they want.This is where that occasional gap in the institutional knowledge of spam and abuse on the internet really hurts. For those of you old enough to remember, this is the exact same problem we all dealt with about a hundred years ago (i.e. back in the mid 1990s), thanks to the Formmail.pl script found on a website called Matt’s Script Archive. Matt’s still a great guy…

Read more from the original source: Forged FBI spam and Formmail Exploits