Home

Our Services

	About
	Advertising
	Bespoke Software
	Contact Us
	Hosting Services
	Security Consulting
	Terms
	Web Solutions

Members

	BBcode FAQ
	Downloads
	Forums
	Forum FAQ
	Forum Rules
	Groups
	Your Account

Site News

	Forum News
	Stories Archive
	Topics

Tools

	Button Maker
	Domain Registration
	HTTP Return Codes
	Google PR
	MD5 Encrytion Tool
	Search
	Secure Your Email
	Web Links

Manual's

	Memory Terms
	Hex Colour Codes
	PEAR Manual
	phpBB 2.0 D.A.L.
	phpNuke How To
	Web Development

Guides

	Google Guide
	Online Advertising
	Yahoo Guide

Sentinel

We have caught 5884 shameful hackers.

NukeSentinel(tm)

Paypal Referral

Link Exchange

Join our free link exchange

Click Here

e-Mail spoofing

Online Advertising

e-Mail spoofing

From Wikipedia the free encyclopedia, by MultiMedia

Home | Up | Next

E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. This involves changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header) to make the e-mail appear to be from someone other than the actual sender.

As many spammers now use special software to create random sender addresses, even if the user finds the origin of the e-mail it is unlikely that the e-mail address will be active.

The technique is now used ubiquitously by mass-mailing worms, as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU, Klez and Sober will often perform searches for e-mail addresses within a Microsoft Outlook address book or similar, and use those addresses in the From field of e-mails that they send, so that these e-mails appear to have been sent by the third party. For example:

User1 is sent an infected e-mail and then the e-mail is opened, triggering propagation
The worm finds the addresses of User2 and User3 within the address book of User1
From the computer of User1, the worm sends an infected e-mail to User2, but the e-mail appears to have been sent from User3

This can be particularly problematic in a corporate setting, where e-mail is sent to organisations with content filtering gateways in place. These gateways are often configured with default rules that send reply notices for messages that get blocked, so the example is often followed by:

User2 doesn't receive the message, but instead gets a message telling him that a virus sent to them has been blocked. User3 receives a message telling him that a virus sent by them has been blocked. This creates confusion for both User2 and User3, while User1 remains unaware of the actual infection.

Newer variants of these worms have built on this technique by randomising all or part of the e-mail address. A worm can employ various methods to achieve this, including:

Random letter generation
Built-in wordlists
Amalgamating addresses found in address books, for example:
- User1 triggers an e-mail address spoofing worm, and the worm finds the addresses user2@efgh.com, user3@ijkl.com and user4@mnop.com within the users Outlook address book
- The worm sends an infected message to user2@efgh.com, but the e-mail appears to have been sent from user3@mnop.com

Home | Up | e-Mail spoofing | Phishing | Scam baiting

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

You can syndicate our News with backend.php

And our Forums with rss.php

You can also access our feeds via Feedburner Site News and LD Software Forums
© 2009 ld-software.co.uk All Rights Reserved.
PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.56 Seconds