Learn something new every day
More Info... by email
E-mail spoofing is the act of altering certain e-mail header fields to make them appear as if they originated from a different sender. Although this act is sometimes done for legitimate reasons, it is more frequently done for fraudulent purposes. Considered a form of spam, e-mail spoofs are typically sent out in order to obtain sensitive or personal information from the person receiving the e-mails.
Simple Mail Transfer Protocol (SMTP) is a common protocol for sending electronic mail across different Internet protocol networks. Although SMTP is standard, it is not very secure, as it does not provide e-mail authentication. Thus, e-mail spoofing is thought to be a simple process. It is most often done by changing the name or e-mail address that appears in the header section of the e-mail to make it look as though it came from an authoritative source. More complex forms generally consist of the spammer manipulating certain information and sending e-mails through open relay SMTP servers.
A spammer may use e-mail spoofing for several reasons. In many cases, fraudulent e-mails are sent to obtain personal information, such as passwords or credit card numbers. They may also contain malicious material, such as viruses. Phishing e-mails, or those sent to obtain personal information, may claim that the user must change his or her password on a certain Web site or may state that the user's bank urgently requires an update on personal information, such as credit card or checking account routing numbers. Malicious e-mail spoofs can contain viruses that are either destructive to the user's computer or help the spammer acquire information about the user's e-mail habits, sensitive documents, or e-mail contacts.
Although it can be difficult to detect e-mail spoofing in some cases, certain clues often can indicate that the e-mail received has been forged. For instance, it is important to keep on eye on writing style, as most companies and Web sites have a standard way in which they relate to their users. Hovering the cursor over any links in the text is another way to see if the e-mail is legitimate. Spoof e-mails will often contain a string of numbers and letters that do not display any information pertaining to the Web site that the e-mail is claiming to be from. Researching certain header fields, such as the Return-Path or From fields, may also be necessary.
One of our editors will review your suggestion and make changes if warranted. Note that depending on the number of suggestions we receive, this can take anywhere from a few hours to a few days. Thank you for helping to improve wiseGEEK!