Email Forgery FAQ

by tnolen

This article aims to answer some questions we frequently receive regarding spam emails which seem to come from yourself or a user you know.

Q: How does someone make it look like he/she sent an email to themselves or make it so that it looks like it comes from someone I know?
A: The email system was designed in the beginning to behave exactly like the postal mail system.  Postal mail was very familiar and reliable, so it seemed reasonable from a programmer’s point of view to create a system which behaved in the same way.  As such, there is no “sender verification”.  This means that there are no controls in place to verify the sender is who he says he is.  With postal mail, you can send a letter with a fake return address and name on the envelope and you can do exactly the same thing in email.  All you have to do is go into your email program and change the Name and Email Address fields in your settings before you send the email.  Spammers and scammers frequently use this to help trick someone into opening an attachment and/or reading the email because people are more likely to read an email from someone they know.

Q: How would I know which email address it really came from?
A: You don’t.  The email system does not require sender authentication, so there is no way to tell who an email really comes from.  Sometimes the headers (envelope) of the email can be used to track a sender based on the IP address it came from, but this process usually requires a court order and it still may not track the email to an individual user.  For instance, if an email is sent from a restaurant which offers free wireless internet, the court order may determine that the email came from the restaurant itself, but would not be able to determine the individual patron.
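
As an added illustration (not part of the original article), the Python sketch below reads the headers of a suspicious message and puts the sender-supplied From field next to the Return-Path and the relay IP addresses recorded in the Received lines.  The sample message, its example.com/example.net names and the documentation-range IPs are constructed; Return-Path is a standard header the article does not name.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: a message that claims to be from its own recipient.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [198.51.100.7])
    by inbox.example.com with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from unknown (unknown [203.0.113.45])
    by mailer.example.net with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: "Alice Smith" <alice@example.com>
To: alice@example.com
Subject: Invoice attached

Please open the attachment.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(addr):
    """Return the lower-cased part after the last '@'."""
    return addr.rpartition("@")[2].lower()


def inspect_headers(raw):
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, env_addr = parseaddr(msg.get("Return-Path", ""))
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    # Each relay prepends its own Received line, so the list is newest first.
    # Only lines added by servers you control are trustworthy; older ones
    # were written by the sending side and can be made up.
    relay_ips = [ip for r in msg.get_all("Received", []) for ip in IP_RE.findall(r)]
    return {
        "display_name": name,            # free text chosen by the sender
        "from_addr": from_addr,          # free text chosen by the sender
        "return_path": env_addr,         # envelope sender recorded at delivery
        "relay_ips": relay_ips,
        "self_addressed": from_addr.lower() in recipients,
        # A mismatch is a hint, not proof (bulk mailers and lists differ too);
        # a match proves nothing, since both values come from the sender.
        "from_matches_return_path": domain_of(from_addr) == domain_of(env_addr),
    }


if __name__ == "__main__":
    for key, value in inspect_headers(RAW).items():
        print(f"{key}: {value}")
```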

Q: How do we know what to blacklist so we do not get more email from this offender in the future?
A: You don’t.  Because changing the sender is so trivial, the scammer/spammer can easily change the From address on subsequent messages to get around your blacklist.  Spam is a very difficult issue and this is one of the reasons why.  You cannot rely on filtering systems to make your email 100% safe – you must be diligent in your inspection of emails.  Do not open an attachment that you are not sure is legitimate.  For example, if someone you “know” sends you an attachment you aren’t expecting, contact them and make sure they actually sent it before opening it.