Amtrak Sends Spam, About Spam

I'm not sure this shouldn't be a rant, but here goes.

I received an email from amtrak.com letting me know that the email they received wasn't deliverable.

That's nice, but I DIDN'T SEND THE EMAIL.

Most spam isn't sent by the address listed in the From: field. Email is very promiscuous, and easily abused. I can, for example, send an email address with any valid From: address. That's the way email worked, and kinda still does.

Emails are sent with a bunch of meta ("hidden") data. This "hidden" data are called headers. This header information contains the various email servers an email will go through to go from the sender to the recipient, from the From: to the To: and Cc: and Bcc:. The From: information is also included in the headers.

Because I can send an email with any valid email address in the From: header (and sometimes without valid From: headers), and fake who the email is from, we now have a number of server-based technologies that let email servers know when an email is faked. We can weed out emails not sent from the person claimed in the From: header. One way, for example, is for domains to broadcast to other servers what servers are allowed to send email for that domain, what IP addresses are okay for email to originate from.

This process works, however, only when a receiving server, oh, ACTUALLY LISTENS TO THE INFORMATION PROVIDED.

In this case, Amtrak uses MicroSoft technologies configured to NOTICE the email is fake, then TREAT IT AS REAL.

These headers were included in they "oh, look, your email failed" message I received:

Authentication-Results: spf=fail (sender IP is 93.174.188.182) smtp.mailfrom=hodsden.org; amtrak.com; dkim=none (message not signed) header.d=none;amtrak.com; dmarc=none action=none header.from=hodsden.org;
Received-SPF: Fail (protection.outlook.com: domain of hodsden.org does not designate 93.174.188.182 as permitted sender) receiver=protection.outlook.com; client-ip=93.174.188.182; helo=login3.tura.ch;
Received: from login3.tura.ch (93.174.188.182) by DM3NAM05FT050.mail.protection.outlook.com (10.152.98.164) with Microsoft SMTP Server id 15.1.977.10 via Frontend Transport; Thu, 30 Mar 2017 09:50:29 +0000
Date: Thu, 30 Mar 2017 11:50:28 -0700
From: " Facebook 3 friend request" <notification+s05kejk4yjxx@hodsden.org>
To: <mxgx@amtrak.com>

OH LOOK! "domain of hodsden.org does not designate 93.174.188.182 as permitted sender"

RIGHT THERE! "domain of hodsden.org does not designate 93.174.188.182 as permitted sender"

OOOOOOO! "domain of hodsden.org does not designate 93.174.188.182 as permitted sender"

And again: "domain of hodsden.org does not designate 93.174.188.182 as permitted sender"

If you KNOW that you're receiving spam, don't tell me another server is sending spam, DELETE THE FUCKING SPAM. REJECT the fucker.

For the love of the ailing fragile overloaded internet infrastructure, don't fucking tell me you received spam, because your email is fucking spam.

I had a clever line here next about Amtrak and not trusting them, but as I reread what I wrote, I realized, that Amtrak NOTICING the email is fake, then TREATING IT AS REAL is an accurate reflection of American society these days. Clinton running a porn ring out of a New York City pizza joint, AND A GUY SHOWING UP WITH GUNS TO CHECK IT OUT? Come on, people. You know that is fucking fake, and you treat it as real. Cheetoh claiming his office has been bugged, and everyone going "oh oh oh, he said it, it must be true," AND YOU KNOW HE'S AN IMMATURE BABY. The emperor has no clothes. Amtrak doesn't have an IT department able to configure email servers. Talk about the large mirroring the small mirroring the large.