Email Spoofing

Welcome to the era of trickery, where you may be able to trust some of your friends, but can no longer trust their e-mails. Identity theft is quickly becoming the biggest issue when it comes to e-mail, and it has a name: e-mail spoofing.


Email spoofing is the act of sending mail that pretends to come from a fake address (for example 'support@microsoft.com', 'admin@facebook.com', etc.). It does not matter whether you have access to the sender address, or even whether the sender address exists. It is a very common strategy among hackers and spammers. It is becoming so common that you can no longer take for granted that the e-mail you are receiving is truly from the person identified as the sender.





Why Email Spoofing?
Senders do this for various reasons, including:

Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because core SMTP doesn't provide any authentication, it is easy to impersonate and forge emails.
Although there are legitimate uses, these techniques are also commonly used in spam and phishing emails to hide the origin of the email message.
By changing certain properties of the email, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the email appear to be from someone other than the actual sender. The result is that, although the email appears to come from the address indicated in the From field (found in the email headers), it actually comes from another source.
Occasionally (especially if the spam requires a reply from the recipient, as in advance-fee frauds), the source of the spam email, or at least a way of identifying the spammer, is indicated in the Reply-To field. If this is the case and the initial email is replied to, the reply will be sent to the address specified in the Reply-To field, which could be the spammer's address. However, most spam emails (especially malicious ones with a trojan/virus payload, or those advertising a web site) forge this address too, and replying to it will annoy an innocent third party.

Prior to the advent of unsolicited commercial email (spam) as a viable business model, "legitimately spoofed" email was common. For example, a visiting user might use the local organization's SMTP server to send email from the user's foreign address. Since most servers were configured as open relays, this was a common practice. As spam email became an annoying problem, most of these "legitimate" uses fell victim to antispam techniques.

It is much more difficult to spoof or hide the IP (Internet Protocol) address. An IP address is a 32-bit or 128-bit numerical label assigned to each device participating in a network. It is assigned through the network provider, which makes it more difficult to spoof or hide. Although this kind of verification is difficult for individual users, companies can use this technology, as well as others such as cryptographic signatures (e.g., PGP "Pretty Good Privacy" or other encryption technologies), to exchange authenticated email messages. Authenticated email provides a mechanism for ensuring that messages are from whom they appear to be, as well as ensuring that the message has not been altered in transit. Similarly, sites may wish to consider enabling SSL/TLS in their mail transfer software. Using certificates in this manner increases the amount of authentication performed when sending mail.


How does it work?
Email spoofing is done by altering the original 'sender email id', 'sender name' and other parts of the mail. This is possible because the Simple Mail Transfer Protocol (SMTP) does not support any type of sending authentication.



There are many ways to do so; some are as follows:

1. Using Command prompt

2. Using email desktop services like Outlook

3. Using websites offering mail spoofing

4. Using PHP scripts, to build your own mail spoofing website.





I will write about all the procedures in detail in coming posts; here I am just providing the names of some sites that offer mail spoofing, so that you can do some experiments and understand it. Some sites are:

1. http://emkei.cz/ (with advanced options)

2. http://deadfake.com/Send.aspx 

Note: These sites are tested and working fine for Gmail.



Examples of E-Mail Spoofing
Recently I wrote about the Adobe software update fake mail, which is also an example of email spoofing.




Identifying Spoofed email: 
You can do this by checking the original header of the email. Usually a spoofed email's header contains a sender email address or SMTP address that is different from the address shown on the received mail. It may also contain another website that has nothing to do with the sender ID, or sometimes you can see the sender's original email address in 'Reply-To', if he or she wants a reply from you.
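The header comparison described above can be automated. The following is an added example, not code from the original post: it parses a raw message and reports where Return-Path, Reply-To or the delivering host disagree with the From domain. The sample message and all names in it are constructed, and the Authentication-Results check goes beyond the checks listed above, assuming the receiving server records that header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the visible From claims example.com,
# but the envelope sender, relay and Reply-To all point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.10])
\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=example.net; dkim=none
From: "Support Team" <support@example.com>
Reply-To: helpdesk@example.org
To: user@recipient.example
Subject: Account notice

Please reply with your details.
"""

def domain_of(value):
    """Lowercased domain of the address in a header value, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def related(a, b):
    """True if the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoofing_indicators(raw):
    """Return header mismatches suggesting the From address is forged.
    These are indicators, not proof: bulk-mail services cause some of them too."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not related(dom, from_dom):
            findings.append(f"{name} domain {dom} does not match From domain {from_dom}")
    # The topmost Received header is written by the recipient's own server and
    # names the host that actually connected to deliver the message.
    top = (msg.get_all("Received") or [""])[0]
    relay = re.match(r"\s*from\s+(\S+)", top)
    if relay and not related(relay.group(1).lower(), from_dom):
        findings.append(f"delivering host {relay.group(1)} is unrelated to {from_dom}")
    # Assumption: the receiving server stamps Authentication-Results (RFC 8601).
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for check, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if result.lower() != "pass":
            findings.append(f"{check.lower()}={result.lower()}")
    return findings
```

Calling spoofing_indicators(SAMPLE) returns five findings for the constructed message; a message whose headers all agree with the From domain returns an empty list.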
