Recently a co-worker asked me “Why do people even bother to spoof my email address?”
First, for those of you joining me that have no idea what the term spoofing means – let us examine that.
Spoofing is defined as:
1. imitate (something) while exaggerating its characteristic features for comic effect.
2. hoax or trick (someone).
Origin: late 19th century English comedian Arthur Roberts.
In the context of computers, to spoof one’s email address means that the sender is acting as if the email is coming from someone it is not.
How someone (or something) sends an email made to look like it comes from someone or somewhere it does not is a little more technical to explain. So, if you don’t like tech talk, then skip to the next section, “Why is my email address being spoofed?”
How are they spoofing me?
Spoofing email addresses is rather easy. All a person needs to spoof an email address is an SMTP (Simple Mail Transfer Protocol) server (a server that can send email) and the appropriate email software. Most website hosting services will even provide an SMTP server in their hosting package. It is also possible to send email from your own computer if you load an SMTP server on it; however, most ISPs will block port 25 (which is required to send out email).
Many of the available free SMTP servers will allow you to show a different “from” address than the actual registered domain that the email is transmitting from. The recipient of the message, however, will see it as having come from the address you specified.
Now, there are special checks in place (and more being put into place) to prevent exactly this problem. One is called SPF, or “Sender Policy Framework,” which was developed by Meng Weng Wong in 2003. Basically, each time an email is sent, the receiving server compares the IP of the origin with the IPs listed in the SPF record for the appropriate domain.
EXAMPLE 1: So, for example, let’s say someone tried to spoof Bill Gates (firstname.lastname@example.org):
They would send an email on his behalf > the recipient server would then talk back to microsoft.com and say “Hey, I have an email that is coming from 126.96.36.199 stating that it was sent from email@example.com.” > microsoft.com would then tell the recipient server, “No, sorry, it should be coming from 188.8.131.52.” and the message would never get delivered.
Why is my email address being spoofed?
Two basic reasons people (and machines) spoof:
1. Malicious: To cause useless internet traffic – ultimately hoping to bog down servers or bring them to a halt.
2. Because you were unlucky enough to have clicked the wrong thing at the wrong time.
Continue reading Email Spoofing: Explained on Huffington Post The Blog