|
Email "Spamming" and Email
"Spoofing" Two
terms to be familiar with in these days of increased
communication via electronic mail: email "spamming" and
email "spoofing".
Email "spamming"
refers to sending email to thousands and thousands of users
- similar to a chain letter. Spamming is often done
deliberately to use network resources. Email spamming may be
combined with email spoofing, so that it is very difficult
to determine the actual originating email address of the
sender. Some email systems, including our Microsoft
Exchange, have the ability to block incoming mail from a
specific address (see
documentation for further information). However, because
these individuals change their email address frequently, it
is difficult to prevent some spam from reaching your email
inbox.
Email "spoofing"
refers to email that appears to have been originated from
one source when it was actually sent from another source.
Individuals, who are sending "junk" email or "SPAM",
typically want the email to appear to be from an email
address that may not exist. This way the email cannot be
traced back to the originator.
Malicious Spoofing
There are many possible
reasons why people send out emails spoofing the return
address: sometimes it is simply to cause confusion, but more
often it is to discredit the person whose email address has
been spoofed: using their name to send a vile or insulting
message.
Sometimes email spoofing is
used for what is known as "social engineering", which aims
to trick the recipient into revealing passwords or other
information. For example, you get an email from what appears
to be the LSE's email administrator, or from your ISP,
asking you to go to a Web page and enter your password, or
change it to one of their choosing. Alternatively, you might
receive an email asking for detailed information about a
project. The From field suggests that the message comes from
the LSE, but instead it is from a competitor.
Dealing with a Spoofed Email
There is really no way to
prevent receiving a spoofed email. If you get a message that
is outrageously insulting, asks for something highly
confidential, or just plain doesn't make any sense, then you
may want to find out if it is really from the person it says
it's from. You can look at the Internet Headers information
to see where the email actually originated.
Remember that although
your email address may have been spoofed this does not mean
that the spoofer has gained access to your mailbox.
Displaying Internet Headers
Information
An email collects information
from each of the computers it passes through on the way to
the recipient, and this is stored in the email's Internet
Headers.
1. With the Outlook Inbox
displayed, right-click on the message and click on the
Options command to display the Message Options
dialog box.
Internet Headers are best read from the bottom up, as they
are added to as the email passes through the system.
2. Scroll
to the bottom of the information in the Internet Headers
box, then scroll slowly upwards to read the information
about the email’s origin. The most important information
follows the “Return-path:” and the “Reply-to:” fields. If
these
are different, the email is not who it says it’s from.
Click
here for a full explanation of the mail header.
Virus spoofing
Email-distributed viruses that use spoofing, such the Klez
or Sobig virus, take a random name from somewhere on the
infected person’s hard disk and mail themselves out as if
they were from that randomly chosen address. Recipients of
these viruses are therefore misled as to the address from
which they were sent, and may end up complaining to, or
alerting the wrong person. As a result, users of uninfected
computers may be wrongly informed that they have, and have
been distributing a virus.
If you
receive an alert that you’re sending infected emails, first
run a virus scan using McAfee (see
documentation for further information). If you are
uninfected, then you may want to reply to the infection
alert with this information:
“Your
virus may have appeared to have been sent by me, but I have
scanned my system and I am not infected. A number of
email-distributed viruses fake, or spoof, the ‘From' address
using a random address taken from the Outlook contacts list
or from Web files stored on the hard drive.”
But keep
in mind that a virus alert message is quite often auto
generated and sent via an anti-virus server and so replying
to the original email may not elicit a response.
Alternatively, if you receive an email-distributed virus,
look at the Internet Headers information to see where
the email actually originated from, before firing off a
complaint or virus alert to the person you assume sent it.
For more
information click the following links:
http://www.g4tv.com/techtvvault/features/17167/What_is_Email_Spoofing.html
http://www.cert.org/tech_tips/email_spoofing.html
|
