Spoofed/Forged Email
I. Description
Email spoofing may occur in different forms, but all have a similar result: a user receives
email that appears to have originated from one source when it actually was sent from
another source. Email spoofing is often an attempt to trick the user into making a
damaging statement or releasing sensitive information (such as passwords).
Examples of spoofed email that could affect the security of your site include:
email claiming to be from a system administrator requesting users to change their
passwords to a specified string and threatening to suspend their account if they do
not do this
email claiming to be from a person in authority requesting users to send them a
copy of a password file or other sensitive information
If, after investigating the activity, you find that there is more to the incident than spoofed
email (such as a compromise at your site or another site),
Displaying Internet Headers Information
An email collects information from each of the computers it passes through on the way to the
recipient, and this is stored in the email's Internet Headers.
1. With the Outlook Inbox displayed, right-click on the message and click on the Options
command to display the Message Options dialog box.
Internet Headers are best read from the bottom up, as they are added to as the email
passes through the system.
2. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards
to read the information about the email’s origin. The most important information follows the
“Return-path:” and the “Reply-to:” fields. If these are different, the email is not who it says it’s
from.
How Spoofing Works
In its simplest (and most easily detected) form, e-mail spoofing involves simply setting the display
name or “from” field of outgoing messages to show a name or address other than the actual one
from which the message is sent. Most POP e-mail clients allow you to change the text displayed
in this field to whatever you want. For example, when you set up a mail