Sometimes even I get some spam mail that makes me blink and think for a moment. I received an email about an order I didn’t make on Newegg.com, a site that I frequent fairly regularly. The email came to my email account registered on the site, and had no links, only an attached .pdf.exe file. I even logged into Newegg.com just to make sure there were no purchases. I then checked the headers on the email that purportedly came from info@newegg.com and it instead came through an email server at bunsen.com, which forwards over to the official web site of The Muppets. In checking records, yup, the originating server appears to be part of the go.com network, which is part of Disney. But in checking my mail server logs, I see this email actually came from a system on a cable connection in Turkey.
While we talk a lot about security and how things can be circumvented and broken, rarely do we get down deep enough to talk about how trust is being affected.
I cannot trust the content of email.
I cannot trust the values in the email fields.
I cannot always trust the headers shown to me when I dig deeper.
I cannot trust the sender.
I possibly cannot trust Newegg.com with my info.
I might have distrusted The Muppets and Go.com and Disney.
I might not trust dns and whois information.
I might distrust foreign servers.
In the end, sometimes you can only wrap yourself in the comfort of the trust implicit in the protocols underneath the Internet, the logs of the devices and services offered…which is typically beyond the reach of your average user…