Newbiesite Blog Newbiesite Blog

July 13, 2007

Stealing email address? Spoofing – Another method for spamming!

Filed under: Spam — Newbiesite Admin @ 7:56 am

Spoofing is an attempt to gain access to a system by posing as an authorized user.Email spoofing is the practice of changing your name in email so that it looks like the email came from somewhere or someone else.

Spoofing is generally used by spammers as a first defense against people finding out who they are. It’s also used by general malcontents to practice mischievous and malicious behavior. But, Spoofing can be a legitimate and helpful tool for someone with more than one email account.

For instance, you have an account, yourname@isp.net, but you want all replies to go to yourname@example.com. You can spoof yourself so that all the mail sent from the isp.net account looks like it came from your example.com account. If anyone replies to your email, the reply would be sent to yourname@example.com.

This is also helpful if you temporarily use a Web-based email account but want the replies to go to your regular email address.

Whatever the motivation, the objective of spoofed mail is to hide the real identity of the sender. This can be done because the Simple Mail Transfer Protocol (SMTP) does not require authentication (unlike some other, more secure protocols). A sender can use a fictitious return address or a valid address that belongs to someone else.Email spoofing is used by virus authors. By propagating a virus with a spoofed email source it is more difficult for users who receive the virus to track its source to stop the virus.

To change your email identity, go into the mail preferences of your email client, or Web-based email host. Look for fields about identity. They will normally default to your email address and your name. You can change them to whatever you want.

If you get spam, don’t reply to it, ever. The address is almost certainly spoofed, so you’ll never reach the sender. Even if it isn’t, all you’ll do by replying is show that your address is active, thereby nominating yourself as a target for even more spam. Use spamfilters or your email client’s built-in spam filtering features to catch spam before you have to handle it yourself. You can’t do much about people spoofing, but you can find efficient ways of killing off spams via content filtering, keyword matching, and similar tricks.

No single piece of technology will stop all spam and online fraud. However, Sender ID is a significant step in the right direction and is supported by many in the industry as a means to counter spam and online phishing attacks. Sender ID has already had a big impact on email security by helping email senders protect their brand and domain names from spoofing and phishing. It also allows email recipients to validate the origin of mail and provides more information for anti-spam products to make filtering decisions.

Sender ID checks the address of the sending server against a registered list of servers that the domain owner has authorized to send email, verifying that every email message originates from the Internet domain from which it claims to have been sent. This verification is automatically performed by the Internet service provider (ISP) or recipient’s mail server before the email message is delivered to the user. Some best-of-breed email security solutions will use the result of the Sender ID check as additional input into the filtering tasks already performed, and may also consider past behaviors, traffic patterns, and sender reputation when determining whether to deliver mail to the recipient.

The Sender ID process is a relatively simple one. First, email servers publish the IP addresses of their outbound email servers in the Domain Name System (DNS). When an email message is received by the target mail server, the system looks at the incoming messages to determine if they actually originated from the listed domains. This verification is determined by querying the DNS for the list of outbound email server IP addresses for that particular domain. If the IP the email was sent from is not in that list, it is most likely a spoofed message, and should be quarantined or blocked by the receiving system.

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

You must be logged in to post a comment.

Powered by WordPress