E-mail Spoofing – Problem or Annoyance?
Daniel Bower
What is E-mail Spoofing?
E-mail spoofing is when the sender’s address and other parts of the email header are altered to appear as though the email originated from a different source.
E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the email header), spammers can make the e-mail appear to be from someone other than the actual sender. It is often associated with website spoofing, in which a site mimics an actual, well-known website but is run by another party, either with fraudulent intentions or as a means of criticism of the organization’s activities. The result is that, although the e-mail appears to come from the address indicated in the “From” field (found in the email headers), it actually comes from another e-mail address, probably the same one indicated in the “Reply To” field; if the initial e-mail is replied to, the reply will be delivered to the “Reply To” e-mail, that is, to the spoofed person’s email.
Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a “whistle-blower” who fears retaliation. However, spoofing anyone other than yourself is illegal in many jurisdictions.
Bounce Back of Spoofs
Another common problem is receiving bounce back messages (delivery notification failures) when someone is spoofing your email. Spammers and viruses will often pull e-mail addresses from places like websites and people’s contact lists, so unfortunately very little can be done to prevent someone from spoofing your email address.
How is E-mail spoofing Possible?
E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn’t write.
Although most spoofed e-mail falls into the nuisance category and requires little action other than deletion, the more malicious varieties can cause serious problems and security risks. For example, spoofed e-mail may claim to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information, any of which can be used for a variety of criminal purposes. In general, never give out sensitive information in response to e-mail inquiries. If in doubt about the legitimacy of a request, contact the vendor directly via their phone or website rather than clicking on a link in an email.
Dealing with a Spoofed Email
There is really no way to prevent receiving a spoofed email. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn’t make any sense, then you may want to find out if it is really from the person it says it’s from. You can look at the Internet Headers information to see where the email actually originated.
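The header check described above, as an added example that is not part of the original article: a Python script that parses a raw message, compares the From domain with the Return-Path and Reply-To domains, and reads the earliest Received hop. The sample message, its domains and IP addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the original article); domains and
# IP addresses are reserved documentation values.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from unknown-host (unknown [203.0.113.45])
\tby mx.example.org with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
From: "Accounts Dept" <accounts@example.com>
Reply-To: <collect@mailer.example.net>
To: user@example.org
Subject: Urgent: confirm your password

Please reply with your password.
"""

def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def analyze_headers(raw):
    """Summarise the header fields that spoofed mail typically alters."""
    msg = message_from_string(raw)
    from_dom = _domain(msg["From"])
    result = {
        "from": from_dom,
        "return_path": _domain(msg["Return-Path"]),
        "reply_to": _domain(msg["Reply-To"]),
        "origin_ip": None,
        "warnings": [],
    }
    # Each relay prepends a Received header, so the LAST one is the earliest
    # hop. Hops below your own mail server can be forged by the sender.
    received = msg.get_all("Received") or []
    if received:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[-1])
        result["origin_ip"] = m.group(1) if m else None
    for field in ("return_path", "reply_to"):
        if result[field] and result[field] != from_dom:
            result["warnings"].append(f"{field} domain differs from From domain")
    return result

if __name__ == "__main__":
    print(analyze_headers(SAMPLE))
```

A mismatch is a reason to look closer rather than proof of spoofing, since legitimate bulk senders often use a different Return-Path domain.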
Another common trick of spammers is sending you an email that claims to come from you…which is why you should not whitelist or allow your own email or your own domain in your spam filter.
Remember: even if your email address may have been spoofed, this does not mean that the spoofer has gained access to your mailbox.