Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Jump to content

Email spoofing

From Simple English Wikipedia, the free encyclopedia

Email spoofing is the creation of email messages who may look like they are from the actual legitimate source, but the sender is faked.

The original protocols for emails do not have built-in authentication methods, so identity for senders of emails can easily be faked. Most recent countermeasures have eliminated spoofing completely.

Technical Details

[change | change source]

When an email that uses SMTP is sent, the connection has two pieces of important information:

  • MAIL FROM: - shows where the email is sent from, and this field has no checks that are done and it can be easily spoofed.
  • RCPT TO: - specifies where the email should be delivered to.

Together, these are sometimes referred to as the "envelope" addressing – an refrence to a traditional paper envelope. Unless the receiving email address has problems, the server responds with the "DATA" command, and sends several items, including:

  • From: Joe Q Doe <joeqdoe[@]example.com> - the address visible to the recipient; but again, by default no checks are done that check if the email is fraud or not.
  • Reply-to: Joe Q Doe <joeqdoe[@]example.com> - again, not checked.
  • Sender: Jin Jo <jin.jo[@]example.jp> - and this one is not checked too.

The recipient sees the email come from the From: header. They also might be able to sometimes find the MAIL FROM header, and if they reply to the email, it will go to either the From: or the Reply-to: header, but none of these addresses are reliable.

Although email spoofing is effective in forging the email address, the IP address of the computer may still be visible. In malicious cases, however, this is likely to be the computer of an innocent third party infected by malware that is sending the email without the owner's knowledge.

Countermeasures

[change | change source]

The SSL/TLS system has been used to encrypt the connections and protect the headers mentioned above.

A number of other defense systems have come into wide use, including:

To protect the headers, they often have strict authentication and have checks in order to look if the headers have been spoofed.