Email spoofing and what can be done about it. Examining solutions such as the SenderPolicy Framework (SPF) and Microsoft’s Sender ID, which is based on it are some of the solutions to this problem.
E-mail spoofing is forgery of an email header.(Header is the part of a message that
describes the originator, the addressee and other recipients, message priority level,
etc.) The message appears to have originated from someone or somewhere other than the
actual source. While spoofing can be used legitimately., using by anyone other than yourself is illegal in some jurisdictions.
Although most spoofed e-mail falls into the "nuisance" category and requires little
action other than deletion, the more malicious varieties can cause serious problems
and security risks. A favorite technique of spammers and other mischief mongers is to “spoof” their return e-mail addresses, making it look as if the mail came from someone else. This is a form of identity theft, as the sender pretends to be someone else in order to persuade the recipient to do something (from simply opening the message to sending money or revealing personal information), according to Deb Shinder, technology consultant, who has authored a number of books on computer operating systems, networking, and security.
If the precaution is not taken, anyone with the requisite knowledge can connect to
the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information.
If you remember, your snail mail had the return address as an indicator of where it
originated. However, the sender could write any name and address there and you had no assurance about its genuineness. Just anyone can send spoofed e-mail that appears to be from you with a message that you didn't write!
Why does anyone want to send 'spoofed emails'!!! It could be that spoofed e-mail
may purport to be from someone in a position of authority, asking for sensitive data,
such as passwords, credit card numbers, or other personal information -- any of
which can be used for a variety of criminal purposes.
Whatever the motivation, the objective of spoofed mail is to hide the sender's real
identity. This can be done because the Simple Mail Transfer Protocol (SMTP)
does not require authentication (unlike some other, more secure protocols). A sender
can use a fictitious return address or a valid address that belongs to someone else,
says Ms. Shinder.
No comments:
Post a Comment