Frequently Asked Questions - E-mail Spoof / Forged E-mail





My associates and I received a forged e-mail saying it came from my domain. What's up?

This is called "spoofing": fraudulent e-mail created by spammers who use valid domains in hopes of drawing visitors to their sites or services. They know that people keep "block lists" that block domain names at their e-mail servers, so they "spoof" an e-mail, fraudulently making it appear to be from any source.

It is an unfortunate part of the Internet, and is not dependent on the location or host of any web service.

The positive news for you is that almost all users of the Internet have been exposed to this type of spam by now, and they are aware that the originator's domain is not the creator of the offensive e-mail. If someone is new to the Internet and hasn't heard of these scams, you may wish to refer them to the CERT center of Internet security: www.cert.org. Established in 1988, the CERT Coordination Center is a center of Internet security expertise, federally funded, and operated by Carnegie Mellon University.


Why should we moderate our e-mail list server? I don't want to log in and approve every message.

If anyone spoofs (forges) your e-mail address, and your list isn't moderated, then he could automatically send anything to your list. We recommend keeping the list server moderated. See the FAQ on What is a moderated list?


Archive historical articles:

www.cert.org:

Before You Connect a New Computer to the Internet
www.cert.org/tech_tips/before_you_plug_in.html The article covers Internet security regarding both PCs and Macintosh computers.

You can search their site at search.cert.org. When searching for "spoofing" - the first response is www.cert.org/tech_tips/email_spoofing.html on e-mail spoofing. As they mention in the article, you may forward your spoofed e-mail to cert@cert.org and they will attempt to research and log all fraudulent activity on the Internet.

We hope this helps you, and your clients, have more comfort knowing that you are not alone. From now on, please forward spoofed e-mails to cert@cert.org, and refer your customers who have never heard of spoofing to the government-funded CERT website www.cert.org. You may wish to forward them parts of this e-mail that link directly to the e-mail spoofing article.



windowsecurity.com/articles/Email-Spoofing.html

"If you receive a snail mail letter, you look to the return address in the top left corner as an indicator of where it originated. However, the sender could write any name and address there; you have no assurance that the letter really is from that person and address. E-mail messages contain return addresses, too – but they can likewise be deliberately misleading, or 'spoofed'"



review.zdnet.com/AnchorDesk/4520-7297_16-5128975.html

"In my case, here's what happened: My e-mail address here at CNET Networks appears on just about every story I write. When you read my work, your Internet browser caches a copy of the page on your hard drive for fast retrieval should you want to read it again. If your computer should become infected with a virus, that virus might parse the cached HTML pages and pull out any e-mail addresses it finds. It also culls addresses from your Outlook contacts and various other documents stored on your hard drive. Newer viruses also have the ability to attach common names to stock domains, such as .aol, .msn, .yahoo, and those used by several antivirus vendors, thereby guessing e-mail addresses on the fly (but a lot of these created addresses fail, of course).

The virus then sends copies of itself. To do so, it uses its own SMTP engine to bypass your e-mail client and any built-in safeguards your e-mail client may have. Not only will the virus try to send me a copy of the virus, for example — and, later, plenty of spam, thank you very much — the virus might also attempt to use my e-mail address as the sender's return address to infect others."



en.wikipedia.org/wiki/E-mail_spoofing

"E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender."
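
The header fields named in the quote above (From, Return-Path and Reply-To) can be compared mechanically when triaging a suspicious message. The following Python code is an added example, not part of the original FAQ or the quoted article; the sample messages and the function names `header_domain` and `sender_mismatches` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not from the page). In the first, From claims
# example.com while Return-Path and Reply-To point at unrelated domains.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
From: "Accounts" <billing@example.com>
Reply-To: collect@other.invalid
To: user@example.org
Subject: Invoice

Please see attached.
"""

SAMPLE_CONSISTENT = """\
Return-Path: <billing@example.com>
From: "Accounts" <billing@example.com>
To: user@example.org
Subject: Invoice

Please see attached.
"""

def header_domain(msg, name):
    """Return the lower-cased domain of the address in header `name`, or None."""
    value = msg.get(name)
    if not value:
        return None
    addr = parseaddr(value)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def sender_mismatches(raw):
    """List the headers whose domain differs from the From domain."""
    msg = message_from_string(raw)
    from_dom = header_domain(msg, "From")
    if from_dom is None:
        return ["From: missing or unparseable"]
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = header_domain(msg, name)
        if dom is not None and dom != from_dom:
            findings.append(f"{name}: {dom} != From: {from_dom}")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SAMPLE_SPOOFED), ("consistent", SAMPLE_CONSISTENT)):
        print(label, sender_mismatches(raw) or "no mismatch")
```

A mismatch is a signal to look closer, not proof of forgery: mailing lists and bulk-mail services legitimately use a different Return-Path. Matching headers prove nothing either, since all three fields are supplied by the sender.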



commoncraft.com/spammer-spoofing-my-email-address

"A spammer needs to send spam emails and they don't want to use an address associated with them. So, they add someone else's address to the From: field of the email. When the email bounces, it comes to the person's address. In this case, me. Spoofing is a pretty common problem, but still painful. Apparently, there is little that can be done aside from filtering the incoming messages and hoping that people don't think you're sending the spam."



pages.ebay.com/SECURITYCENTER/stop_spoof_websites.html

eBay's Stop Spoof Emails - Learn the signs of a spoof email.

"It's incredibly difficult to detect fraudulent emails - as spoofers have become increasingly sophisticated in their attacks. There are certain characteristics Internet users should look for, though, that are common to many spoof emails. We've developed a Spoof Email Tutorial to show you what to look for (and look out for)."

Spoof Email Tutorial: pages.ebay.com/education/spooftutorial/