Recently a co-worker asked me “Why do people even bother to spoof my email address?”
First, for those of you joining me that have no idea what the term spoofing means – let us examine that.
Spoofing is defined as:
1. imitate (something) while exaggerating its characteristic features for comic effect.
2. hoax or trick (someone).
Origin: late 19th century English comedian Arthur Roberts.
In the context of computers, to spoof one’s email address means that the sender is acting as if the email is coming from someone it is not.
How someone (or something) sends an email made to look like it comes from somewhere or somewhere it does not, is a little more technical to explain. So, if you don’t like tech talk, then skip to the next section “Why is my email address being spoofed?”
How are they spoofing me?
Spoofing email addresses is rather easy. All a person needs to spoof an email address is an SMTP (Simple Mail Transfer Protocol) server (a server that can send email) and the appropriate email software. Most website hosting services will even provide an SMTP server in their hosting package. It is also possible to send email from your own computer if you load an SMTP server on it, however most ISPs will block port 25 (which is required to send out email).
Many of the available free SMTP servers will allow you to show a different “from” address than the actual registered domain that the email is transmitting from. However, to the recipient of said message, they will see that it actually came from the address you specified.
Now, there are special checks in place (and more being put into place) to prevent exactly this problem. One is called SPF or “Sender Policy Framework” which was developed by Meng Weng Wong in 2003. Basically, each time an email is sent, the receiving server compares the IP of the origin with the IP listed in the SPF record with the appropriate domain.
EXAMPLE 1: So, for example, let’s say someone tried to spoof Bill Gates (email@example.com):
They would send an email on his behalf > the recipient server would then talk back to microsoft.com and say “Hey, I have an email that is coming from 22.214.171.124 stating that it was sent from firstname.lastname@example.org.” > microsoft.com would then tell the recipient server, “No, sorry, it should be coming from 126.96.36.199.” and the message would never get delivered.
Why is my email address being spoofed?
Two basic reasons people (and machines) spoof:
1. Malicious: To cause useless internet traffic – ultimately hoping to bog down servers or bring them to a halt.
2. Because you were unlucky enough to have clicked the wrong thing at the wrong time.
There is only one reason that people (and all of this was at some point, created by people) take the time to code, program and create things like viruses, spoofing, spamming and malware. It is for no other reason than the fact that they can do it. They are bored, or are getting paid by others that want to cause havoc on the Internet. Think about what I show in “Example 1” above. At the end of that example I state that the message doesn’t get delivered. So where does that email go? Well, it sits around in holding bins called queues, sometimes weeks, trying to get delivered. Multiply that by the billions of emails that are transmitted daily and one can imagine how much damage could be done with spam, and spoofing.
Don’t get me wrong, I too at times wish the Internet wasn’t around and miss the days of yesteryear. We have too much information at our fingertips and not enough human hearts controlling it (but that’s a topic for another time). However, the Internet is part of our life, good or bad.
How did they get my email address?
I have been working in Information Technology for almost twenty years and I’ve seen it all. The two biggest problems that cause people to get listed on spoofing databases (lists of email addresses for spoofing) are:
1. People click a link in a phishing email and freely submit their email address (unbeknownst) to the list.
2. People send forwards (such as today’s latest funny) to mass groups of people, exposing their email address and everyone else’s. All you need is for one of those receiving email boxes to have a scraper in it (something that pulls all the email addresses it can find and adds it to a list).
How can I protect myself from being spoofed?
• Use your spam filters. Nearly every free (and paid) email service has spam filters and junk boxes. If something goes to your junk mail, don’t simply unblock it. Investigate the email, even if it looks like it’s coming from someone you know. Make sure that it really did come from that person and that they intended to send it to you.
• Never click an unexpected link or download an unfamiliar attachment. Nearly all major companies (such as banks) have policies in place that require that if they need you to click a link to their site, they will include some sort of identifying information such as your name or last four digits of an account number. Pay special attention to that. Too many people see a generic email that simply says “Your account has been compromised, click here to validate.” No legitimate bank or institution will ever send that. They would say “Dear Jason, We believe your account has been compromised, please call us at XXX-XXX-XXXX.”
• Learn to read email message headers and check domain names and IP addresses. Nearly all email programs will let you float your mouse over an email address (or link in an email). What you see pop up should be identical to what you are floating over. If it is something different, then it is probably spam or phishing for information.
Source: Huffington Post