What is e-mail spoofing?
“Email spoofing” is a term used to describe fraudulent emails in which the sender’s address and other parts of the email header are altered to appear as though the email originated from a different source. For example, you might receive an email that appears to have been sent from a well-known company. In reality, none of those organizations would be likely to send any unsolicited email (that which you didn’t sign up for and expect to receive). In short, spoofing is a counterfeit email with stolen email addresses used without the real address owner’s knowledge or permission.
How spoofing works?
It is important to note that spammers don’t need access to the mail server of the address they are using. All a spammer needs to do is open their e-mail application, go into the configuration options and set the “from” address to whatever they want. Any programmer familiar with internet protocols can easily manipulate these “email headers” and construct an email manually. That allows them to insert whatever address they want in the sender field and it will look as real as any email to the recipient. This technique is now commonly used by mass-mailing worms as a means of concealing the true origin of the propagation. There is no provision in the Internet e-mail protocols in use today to validate or authenticate that any particular user has rights to use the address or domain name.
How to identify spoofing?
Spoofing can be identified by analyzing the email headers.
- MS Outlook – Point to a suspect email in your inbox and right-click. On the context menu, select Options. A new window will appear. In that window, the e-mail headers are displayed at the bottom, in the box titled Internet headers.
- Outlook express – Point to a suspect email in your inbox and right-click. On the context menu, select Properties. A new window will appear. In that window, click on the details tab. The e-mail headers are displayed in the box titled Internet headers for this message.
- Gmail – When you open an e-mail message, at the top there is a link titled “Show original”. Click on it and a new browser window will appear, with the e-mail header at the top.
- Yahoo Mail – When you open an e-mail message, at the bottom there is a link titled “Full Headers”. Click on it and the windows will re-render showing a very nice presentation of the e-mail header at the top.
What can be done to minimise spoofing damage?
Unfortunately there isn’t anything the owner of the domain can do to prevent spoofing. They can only react after the fact when they find out it has happened. Reactions can be as simple as deleting all of the bounces they receive, to posting about the experience on their web site to hiring an attorney to attempt to track down the person responsible.
Here are some steps to limit the damage:
1. If you can see in the headers the IP address for the computer that sent the spam, you may be able to determine where the messages came from.
a. Open the e-mail headers and read where it came from. Usually, it’s very easy to identify a fake message just from the path it took on the internet.
b. If you can’t identify the problem, just extract the headers and send them to your IT and Security Officer for analysis.
2. You can then contact that PC’s Internet service provider and have that IP address blocked. In the short term, that may stop the email spoofing and the bounced messages. The ISP may not help you; and even if it does, there’s nothing to stop the spammer from simply spoofing your email account from a compromised PC that has a different IP address.
3. If you don’t normally use the email account in question, the most sensible tactic is to delete the account and start anew. Of course, for business email accounts and for primary personal email accounts that you’ve used for years, you may decide that jettisoning the account isn’t an acceptable option.
Comments are closed.