[Cryptography] what application creates single-use coded email addresses?
Tom Mitchell
mitch at niftyegg.com
Mon Aug 6 15:36:42 EDT 2018
On Sun, Aug 5, 2018 at 9:46 AM, Ray Dillinger <bear at sonic.net> wrote:
>
> I've encountered some email addresses that are apparently base64 encoded
> usernames prefixed with a four-character nonce.
>
> For an example with a fictitious username, email addresses AX2bY2xhcmti,
> gg68Y2xhcmti, cUn4Y2xhcmti, etc, all have the form
>
> {four alphanumeric characters}{'clarkb' encoded in base64}
....
>
> I was thinking about how it would be done...
>
If you own the domain much is almost easy even with a Gmail served domain.
Gmail already allows a slightly less obfuscated version using +
me+bear at some.gmail.served.domain
IMAP and POP allow the messages to be pulled and processed.
If you own a gmail service a default email address can be specified
and so messages with {four alphanumeric characters}{'clarkb' encoded in
base64}
can be de-mangled with perl or python or something.
The difficult part is remembering who was given that mangled name.
Sendmail has rewriting rules as well. Again remembering who gets what is a
data management process that needs to be added to aliases.
Mutt pays attention to some environment and command lines.
See http://www.mutt.org/doc/man_page.html
There is no command line switch for this, but their is an ENV variable, so
at the top of your script add:
$ export REPLYTO="foo at bar.baz"
$ mutt -s "Report for ${CLIENT} Feed" -a ${MNT}${CLIENT}${REPORT}/${f1}
${RECIPIENT} <${MSG}
I guess I would like to see all the headers of the message to see what tool
set
was likely used.
Even this list uses interesting headers. Added an X to not confuse the list.
FXrom: John Denker via cryptography <cryptography at metzdowd.com>
RXeply-To: John Denker <jsd at av8n.com>
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180806/caca759c/attachment.html>
More information about the cryptography
mailing list