Email spoofing
Email spoofing is when a an email sender lies about where the email comes from. The email's From: address may say it's from a friend, from your bank, or even from yourself! It's the electronic equivalent of putting a false return address on a postal envelope. These spoofed email messages happen outside of your mailbox and the business email servers.
Note: Everyone on the Internet can be a victim of spoofing.
Why spoof someone's email address?
- Companies will block email addresses if enough users report that it's sending spam. Instead of setting up a whole new email address, a spammer can simply spoof the From: address to SAY that the message is coming from a new email address.
- Phishing is the practice of getting bank logins, credit card numbers, and other personal information from fake web pages. Emails that contain phishing links are often spoofed to look like they came from the site they're targeting: iTunes, Gmail, your bank, etc.
- Many email service providers allow you to send mail to yourself--it's a great way to save a copy of outgoing email or to have your shopping list on your phone, for example. Spoofers can exploit this feature by making the email look you sent the message to yourself.
How can spoofing be possible in this day and age?
In its earliest days, the Internet was a private network of military and universities. When someone wanted to send a message to somebody else they would end up basically writing a text file saying who its to and who its from. Security was not really a question back then. This was the dawn of email.
The line in an email that says whom it’s from is just a line of text. If this were changed, older computers and their software could no longer have full access the Internet. Many large companies, universities, and even government agencies still use these older computers, so some standards haven't changed.
There have been some efforts to stop this, both by Congress (Can-Spam act of 2003) and by a coalition of tech companies including Yahoo, AOL, and Microsoft working together on a solution. Yahoo has also put forth its own invention, Domain Keys.
Learn more about email spoofing.
See Also:
