Spoofing Easily Explained

written by: Brian Nelson • edited by: J. F. Amprimoz • updated: 4/20/2009

This article defines spoofing and explains how encryption software can help prevent spoofing.


    The Definition of Spoofing

    When you receive a postal letter, the return address in the top left corner of the envelope tells you who it is from and where it came from. But the sender can write any name and address there, so there is no guarantee that the contents really come from the sender named on the envelope. Email is no different.

    Spoofing is the word for impersonating an email sender’s identity. It is forgery. If you are able to read email headers, you can often identify the email address of the sender. Sometimes you can’t, because the spoofer connected directly to an email server. The headers of those emails show that the message was sent from the account owner’s email server, not from the spoofer’s email server.

    SMTP (Simple Mail Transfer Protocol) is used to send outgoing email, and it does not require authentication of the sender. As email account holders, we have neither control of nor access to the email server that sends our emails.
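The header reading described above can be partly automated. The following Python code is an added example, not part of the original article: the two messages and every example.* domain are constructed, and the function names are hypothetical. A mismatch is a hint rather than proof, and the second sample shows the case the article mentions, where mail handed directly to the account owner's server produces no mismatch at all.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples, not real traffic; all example.* names are placeholders.
FORGED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org; Mon, 20 Apr 2009 10:00:05 -0400
Received: from sender-host.example.net (unknown [198.51.100.7])
\tby mx.example.org; Mon, 20 Apr 2009 10:00:01 -0400
From: "Example Bank" <alerts@bank.example.com>
Reply-To: help@other.example.net
"""
# Constructed: mail handed straight to the From domain's own server looks clean.
ALIGNED = """\
Return-Path: <alerts@bank.example.com>
Received: from mail.bank.example.com by inbox.example.org; Mon, 20 Apr 2009 10:00:05 -0400
From: alerts@bank.example.com
"""

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def first_hop(msg):
    """Host named in the oldest Received header (servers prepend, so it is last)."""
    hops = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+(\S+)", hops[-1]) if hops else None
    return m.group(1).lower() if m else ""

def spoof_indicators(raw):
    """List header mismatches that suggest the From address may be forged."""
    msg = message_from_string(raw)
    sender = domain(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != sender:
            findings.append(f"{name} domain {other} != From domain {sender}")
    hop = first_hop(msg)
    if hop and not (hop == sender or hop.endswith("." + sender)):
        findings.append(f"first hop {hop} is outside From domain {sender}")
    return findings

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("aligned", ALIGNED)):
        print(label, spoof_indicators(raw))
```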


    4 Reasons for Spoofing

    Whatever the reason for spoofing, the goal of spoofed mail is to hide the real identity of the sender. There are four categories of reasons to spoof an email.

    • Computer infectors either want to cause confusion or simply don’t care which sender address is used. They want the recipient to believe the forgery so that the email will be read or the email attachment will be clicked on, letting the infection complete the mischief it was sent to do.
    • Fraudsters want to mask the real purpose of the email and hide their identity. These spoofers want the recipient to believe the email is from a respected or known company or individual so that the recipient will purchase an illegal product or service; pay for a legitimate product or service that the fraudster takes the money for and then does not deliver; or believe that harassing, defamatory or illegal content was sent by an unsuspecting known rival or competitor.
    • Phishers want to impersonate familiar companies and individuals so they can steal personal and financial information from unsuspecting email recipients.
    • Spammers want to avoid being caught violating anti-spam laws, and they also don’t want notices sent to their real email addresses saying that an email could not be delivered.

    Prevent Spoofing

    The way to prevent spoofers from forging your email address is to use encryption software. Encryption verifies that the email hasn’t been altered or tampered with in transit. It also verifies that the email was sent by the person identified as its sender.

    Home computer users generally don’t use email encryption as much as they should. Perhaps companies that offer email services to the general public should consider offering encryption as part of their optional online safety packages and services.