Email spoofing

Email spoofing is called various attempts at deception ( spoofing ) in e- mails for faking other identities.

In a simple way, the sender can specify for themselves an email address that does not belong either to him or does not exist. For the receiver it looks at first sight as if this was the right return address.

This is possible because the SMTP sender address is not checked.

Notes on a fake sender address of this you can get through the SMTP server used. Sends a user, for example, as firstname.lastname @ example.com and does not use a MERGE SMTP server, but an unknown, so could this email may be fake.

But it does not stand behind the changing of the From address ill-will. It may be that you have to through the mail server of the internet provider sent his e-mail or even send. This may be so because the provider forbids one to initiate connections to mail servers and only one computer can send mails. Thus you prevent open mail relays on its own network and an entry of its own network in a black list.

Spoof of the e- mail address is on open relays ( SMTP server, where you do not have to authenticate to send ) possible.

Spoofing is generally possible in various ways. Simplify the spoof, or automate a programmer with the help of scripting and programming languages ​​that dominate SMTP.

In the PHP language it is for example very easily, by adding another header:

Mail ( " [email protected] ", " greetings ", " Greetings from Carla! ", "From: [email protected] ", " -f [email protected] ");

The so- sent message but must not come from Carla.

This is often exploited by phishers to fool the receiver to be his bank or similar to access to data.

Filter Some mail providers on this feature and classify such mail as spam, although there are some useful applications of mail spoofing. An example here is to allow a single server in a campus network, which allows the mail traffic to thereby prevent chopped client machine to send spam.