What is Email Spoofing?
Ever had a message from Bill Gates promising you money for forwarding emails to your friends? How about offers from George ‘dubya’ Bush? Or perhaps you’ve had dodgy-sounding emails which appear to be sent from yourself?
Worse still, have you been swamped with messages telling you that emails you never sent are undeliverable? Take heart, and join us in grinding your teeth in rage; you’re the victim of email address spoofing.
Spam advice
We’ve said it before and we’ll say it again: if you get spam, don’t reply to it, ever. The address is almost certainly spoofed, so you’ll never reach the sender. Even if it isn’t, all you’ll do by replying is show that your address is active, thereby nominating yourself as a target for even more spam. You can’t do much about people spoofing, but you can find efficient ways of killing off spam via content filtering, keyword matching, and similar tricks.
The facts
Email spoofing is the process of faking the ‘from’ address when sending an email so that the recipient thinks it came from somewhere else. This isn’t necessarily a wrong thing to do; there are legitimate reasons for spoofing an address, such as when using a temporary email account while traveling, or using a personal and a business name with your email domain name. However, pretending to be someone different, especially without their knowledge, is unlikely to be legitimate, and is quite likely to get your Internet access account closed if your ISP finds out.
Simple spoofing can be done just by editing your account details to alter the email address, or preferably by creating a new account so you leave your existing setup alone. Pick the alternative identity when creating a new email message, and that’s how it will appear to the recipient. Some applications, for example Eudora, can allow direct editing of the ‘from’ field in messages you write. However, large numbers of spam messages are sent via temporary free accounts from services such as Yahoo and Hotmail. As soon as the accounts are blocked, new ones are set up and exploited. Because of this, many spam filtering features are likely to regard such sending domains as moderately suspicious from the outset.
Unfortunately, catching someone who’s covered their tracks by spoofing isn’t easy. By its nature it doesn’t leave you with a valid email address to track, and even if you pore through the headers of the message looking for clues you’re unlikely to get further than the first hacked email server that the culprit used. By all means do report the issue to the owner of that mail server, but be aware that they aren’t responsible for the spoofing.
If you have your own domain set up with your ISP, as many Internet-savvy people and companies do, then you may find that someone uses your domain as part of their faked ‘from’ address. The first you’ll know about it is when the reports of undeliverable messages start flooding in to nonexistent addresses beginning with gibberish such as rgjuwpo7, kgpp55 or similar. You may then start getting irate notes complaining about the spam, but that’s less likely. Apart from having your email account changed so it only lets through specific email names, pretty much the only thing you can do is sit tight and wait for the level to fall. You’re extremely unlikely to get into any trouble with your ISP as they’ll be fully aware of how this happens. You won’t be penalized just because some low-life spoofed your domain name. Of course, if you’ve set up an email server and this has been hacked by a spammer then that’s a different matter entirely; your domain will probably be blacklisted for quite a while as a result.
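The "only lets through specific email names" approach can be sketched as a small triage script; this is an added example, not part of the original article. The domain example.org, the mailbox names alice and sales, the use of the To header as a stand-in for the envelope recipient, and the sample bounce are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "example.org"                  # assumption: your own domain
VALID_LOCAL_PARTS = {"alice", "sales"}  # assumption: the only real mailboxes

def is_bounce(msg):
    """Delivery status notification (RFC 3464) or a null return path."""
    dsn = (msg.get_content_type() == "multipart/report"
           and msg.get_param("report-type") == "delivery-status")
    return dsn or msg.get("Return-Path", "").strip() == "<>"

def failed_recipient(msg):
    """Recipient of the original (spoofed) message, as reported in the DSN."""
    for part in msg.walk():
        value = part.get("Final-Recipient")
        if value:
            return value.split(";", 1)[-1].strip()
    return None

def triage(raw):
    msg = message_from_string(raw)
    # Assumption: the To header stands in for the envelope recipient.
    local, _, domain = parseaddr(msg.get("To", ""))[1].lower().rpartition("@")
    if domain == DOMAIN and local in VALID_LOCAL_PARTS:
        return ("deliver", None)
    if is_bounce(msg):  # bounce to a mailbox that never existed
        return ("backscatter", failed_recipient(msg))
    return ("reject", None)

# Constructed sample: bounce for spam that used rgjuwpo7@example.org as sender.
BOUNCE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.remote.example
To: rgjuwpo7@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example

Final-Recipient: rfc822; someone@elsewhere.example
Action: failed
Status: 5.1.1

--b1--
"""
print(triage(BOUNCE))
```

A bounce addressed to a real mailbox is still delivered, since that person may genuinely have sent mail that failed; only bounces to names that never existed are counted as backscatter.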
