
Email "Spoofing" and Email "Spamming"


Email spoofing refers to email that appears to have originated from one source while actually being sent from another. Individuals who send "junk" email or "spam" typically want the email to appear to be from an email address that may not exist. This way the email cannot be easily traced back to the originator.

All email users are vulnerable to spoofed or forged email. It is easy to spoof email because the fundamental email protocol, SMTP (Simple Mail Transfer Protocol), lacks authentication. If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of the individual's choice; this can be a valid email address or a fictitious address that is correctly formatted.

Email spamming refers to the act of sending unsolicited commercial email. If you did not request it or sign up for it and the person sending it to you is attempting to make money, it is spam.

How Do They Get My Email Address?

The first source is typically the open display of email addresses. This can be on web-based message boards, newsgroups, or chat rooms. Simply posting a message on a board with your real email address is enough for the site-crawling programs (often called "spiders" or "spambots") to add you to countless spam lists.

Another source is sites created specifically to attract email addresses. For example, a spammer creates a site that says, "Win $1 million!!! Just type your email address here!" In the past, many large sites also sold the email addresses of their members. Or the sites created "opt-in" email lists by asking, "Would you like to receive email newsletters from our partners?" If you answered yes, your address was then sold to a spammer.

Probably the most common source of email addresses, however, is when a spammer simply queries an email server with hundreds of thousands of email addresses that vary only by one number or letter. The email server responds, telling them what email accounts are actually in use, which lets the spammer know what addresses are worth selling. As email addresses generally are not private (just like your phone number is not private if it is listed in the phone book), once a spammer gets hold of your email address and starts sharing it with other spammers, you are likely to get a lot of spam.
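
A mail administrator can spot the address-guessing behaviour described above in the server's own records. The following is an added example, not part of the original page: the log format, the thresholds and the function names are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed log lines in a simplified, made-up format (not any real mail
# server's log format): client IP, the recipient tried, the SMTP reply code.
SAMPLE_LOG = """\
198.51.100.23 RCPT jsmith1@example.org 550
198.51.100.23 RCPT jsmith2@example.org 550
198.51.100.23 RCPT jsmith3@example.org 250
198.51.100.23 RCPT jsmith4@example.org 550
198.51.100.23 RCPT jsmith5@example.org 550
192.0.2.44 RCPT alice@example.org 250
192.0.2.44 RCPT bobb@example.org 550
"""

LINE = re.compile(r"^(\S+) RCPT (\S+)@(\S+) (\d{3})$")


def skeleton(local):
    """Collapse digits so jsmith1, jsmith2, ... share one pattern."""
    return re.sub(r"\d+", "#", local.lower())


def find_harvesters(log, min_rejects=3, min_reject_ratio=0.5):
    """Flag clients whose recipient attempts are mostly rejected (5xx)."""
    stats = defaultdict(
        lambda: {"total": 0, "rejected": 0, "patterns": defaultdict(int)})
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not recipient attempts
        ip, local, _domain, code = m.groups()
        s = stats[ip]
        s["total"] += 1
        s["patterns"][skeleton(local)] += 1
        if code.startswith("5"):  # permanent failure: no such mailbox
            s["rejected"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["rejected"] / s["total"]
        if s["rejected"] >= min_rejects and ratio >= min_reject_ratio:
            top = max(s["patterns"], key=s["patterns"].get)
            flagged[ip] = {"rejected": s["rejected"], "total": s["total"],
                           "top_pattern": top}
    return flagged
```

A single mistyped address, as from the second client in the sample, stays below the thresholds; a run of near-identical guesses from one client does not.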

Legislation appears to be the method by which the US will deal with spam. The idea is that the U.S. government should set up a national "do not spam" list identical to the national "Do Not Call" list designed to block telemarketers. However, a common belief held by experts in the field is that spammers would merely set up spam servers in foreign countries and actually use the "do not spam" list as a source of fresh email addresses.

Another solution often posited is an "opt-in" list. Under this proposal, only those people who specifically request spam email would get it. However, the United States Congress seems to be heading in the opposite direction, supporting "opt-out" legislation which would leave millions of American computer users, unaware of the consequences, with even more spam.

The most effective tactic in the war on spam is the elimination of email in the traditional open sense. Many businesses, government organizations and other entities are being forced to take this approach. Even the White House has opted to follow this path. Today, if you want to send email to the president of the United States, you do it by filling out an online form.

Dealing With Spoofed Email

There is really no way to prevent receiving a spoofed email. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn't make any sense, then you may want to find out if it is really from the person it says it's from. You can look at the Internet Headers information to see where the email actually originated. Remember that although your email address may be in the From portion of the header, this does not mean that the spoofer has gained access to your mailbox.

Displaying Internet Headers Information

To determine the true sender of an email, it is often necessary to check the headers. An email collects information from each of the computers it passes through on the way to the recipient, and this is what is stored in the headers:

  1. With the Outlook Inbox displayed, right-click on the message and click on the Options command to display the Message Options dialog box. Internet Headers are best read from the bottom up, as they are added to as the email passes through the system.
  2. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the email's origin. The most important information follows the “Return-path:” and the “Reply-to:” fields. If these are different, the email is not from who it says it is from.
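
The same reading of the headers can be done with a short script once the Internet Headers text has been copied out of the dialog box. This is an added example, not part of the original page: it lists the Received lines from the bottom up and compares the Return-Path and Reply-To domains, and it goes slightly beyond the steps above by also comparing both with the From domain. The sample message and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the original page). Hosts use reserved
# example domains and documentation IP ranges.
SAMPLE = """\
Return-Path: <bounce@bulk.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org; Mon, 6 Jan 2025 10:00:03 +0000
Received: from unknown (HELO mail.example.com) ([203.0.113.77])
\tby mx.example.org; Mon, 6 Jan 2025 10:00:01 +0000
From: "Alice Example" <alice@example.com>
Reply-To: <offers@reply.example.net>
To: bob@example.org
Subject: Urgent request

Body text.
"""


def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()


def analyze(raw):
    """Return the relay hops (origin first) and any sender-domain mismatches."""
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so reverse to read origin first.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    names = ("From", "Return-Path", "Reply-To")
    domains = {n: domain_of(msg.get(n)) for n in names}
    present = [(n, d) for n, d in domains.items() if d]
    mismatches = [(a, b) for i, (a, da) in enumerate(present)
                  for b, db in present[i + 1:] if da != db]
    return {"hops": hops, "domains": domains, "mismatches": mismatches}


if __name__ == "__main__":
    report = analyze(SAMPLE)
    for n, hop in enumerate(report["hops"], 1):
        print(f"hop {n}: {hop}")
    for a, b in report["mismatches"]:
        print(f"{a} ({report['domains'][a]}) != {b} ({report['domains'][b]})")
```

Received lines written before the message reached your own mail server are supplied by the sending side and can be forged, so the hop recorded by your own server is the one to rely on.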

Be sure to note the following links for further information: