June 2006
Greetings!
This month, we have a special topic that we want to bring to everyone's attention; it is the deceptive practice of E-mail Spoofing. In this issue of Design InSight, we'll define Email Spoofing, share our real world experiences with it, and discuss courses of action that you can take to help you and your business through this epidemic, should it happen to you.

As always, if you have any questions or comments, please send them to info@gilmoredesigngroup.com. You can also view past issues of the Design InSight newsletter at www.gilmoredesigngroup.com/company_newsletters.html.
E-mail Spoofing

Have you ever received a SPAM e-mail from yourself?
We have and so have many other victims of e-mail spoofing.

Believe it or not, almost all spam e-mails come from what are called "spoofed" e-mail addresses. A "spoofed" or forged e-mail message is an e-mail that looks to have come from one address when, in fact, it was sent from another address and person altogether. A "spoofed" e-mail address is a deception, as it appears to have come from a trusted source.

The individual performing the spoof will use an e-mail address that seems trustworthy, or they will change the header information of the e-mail so that it appears that someone else is the sender. This way, when you receive a SPAM message, it appears to have come from a reputable source instead of from someone like xxbhge48593@yahoo.com.

But that is not the only reason why spammers use a spoofed e-mail address. They also use them because they don't want to be tracked, and they don't want to deal with all the bounced-back e-mails.

For a real life case in point, someone has been sending out malicious SPAM messages using our domain name since November of 2005. We first found out our e-mail address had been spoofed when we opened Microsoft Outlook to download our new e-mails and found over 300 bounced-back e-mails in our inbox.

And they just kept coming.

In those first three days, we received over 1,500 bounce-back e-mails! What could we do? Thank goodness for our wonderful server administrator at SorStream Communications. He began the process of trying to track down the perpetrator and also made sure we were not blacklisted as a spammer. Even though they searched and searched, they were not able to track down the source of the e-mail spoofers. They did report the activity, though, and hopefully, one day, the e-mails will stop.

To handle the bounce-back e-mails, we created a separate e-mail account that we call a "catch-all". Basically, if an e-mail is addressed to one of our addresses that we are not actively using, the bounced-back e-mails and junk (SPAM) e-mails go there. For example, if someone sent an e-mail to lovemuffin@gilmoredesigngroup.com, we would never see it, because we don't use that e-mail address (nor would we want to).

Even though this issue hasn't been resolved, we have quickly realized we are part of a growing number of SPAM spoofing victims. This internet crime is on the rise and is very dangerous. For a business it could mean the loss of credibility with your audience, along with being blacklisted. This could mean that many of your clients would never be able to see an e-mail from you again.

We wanted to devote this newsletter to make you aware of the situation. Understand that the e-mail address that is listed in the From: area of your latest SPAM message is not the person who is actually sending you the e-mail. They are instead victims of SPAM spoofing just as we are.

Incidentally, if you have received any pharmaceutical SPAM messages from gilmoredesigngroup.com, please understand that these malicious e-mails are not from Gilmore Design Group, but instead from a group of people who thought our e-mail address sounded credible and thought by stealing it they could get more people to click on their links.

So what can we do to stop this? For now, there is little e-mail users can do to prevent deceptive spammers from spoofing their e-mail addresses. Regrettably, although the practice is illegal in many states, most of these spammers are operating outside of the United States, which makes it increasingly difficult to trace the culprit.

Even so, attorneys can offer the following tips to reduce the chances that their clients' e-mail will be hijacked by deceitful spammers:
•  Do report deceptive or misleading messages to the FTC by forwarding them to uce@ftc.gov.
•  Do use an e-mail filter. If your e-mail is spoofed, set your e-mail software to automatically delete all messages that have the subject line used by the offender. If your filter gets overwhelmed, your ISP may be able to help.
•  Do consider using two e-mail addresses: one for personal messages and one for newsgroups and chat rooms. E-mail users can also take advantage of popular disposable e-mail address services that create a separate e-mail address that forwards to your permanent account. If one of the disposable addresses begins to receive spam, you can shut it off without affecting your permanent address.
•  Do visit consumer information sites such as Junkbusters and the FTC's spam Facts site at www.junkbusters.com and http://www.ftc.gov/bcp/conline/edcams/spam/.
•  Do not use a common e-mail address like mjones@aol.com. Spammers use "dictionary attacks" to sort through possible name combinations at large ISPs or other e-mail services.
•  Do not over-display your e-mail address in public, at least not in a form that is easy prey for the scavenger programs spammers use to harvest e-mail addresses.
•  Do not give away your e-mail address unless you are comfortable with a Web site's privacy policy. If the company sells your information or shares it with their "partners," you should consider opting out or withholding your e-mail address altogether.
•  Do not reply to spam. Most spam messages offer bogus instructions to remove your name from their lists. Some spammers actually use replies to confirm an address, then sell it to other spammers.

Although there is no fully effective measure for stopping these spam forgeries, every little bit counts. One such measure is known as Sender Policy Framework (SPF). SPF works by checking whether the IP address the e-mail was actually sent from is one that the sender's domain has published as authorized to send its mail. The downside is that it isn't foolproof. Oftentimes, e-mails are sent through an ISP's server or another relay because the ISP blocks the SMTP port for outgoing mail; unless that relay's address is also published for your domain, those e-mails will fail the SPF check and look like forgeries. The details get a bit more complex, so we encourage you to read more on this subject if you are a victim of spam forgery.

To set up Sender Policy Framework (SPF) for your domain: http://www.openspf.org
Run through the wizard for your domain and, when you are finished, give the resulting record to your web host and have them add it to your domain's DNS.

Find out if you're on the domain blacklist! The public registry is located at: http://trustedsource.org

For more information on e-mail spoofing, here are a couple of articles and sites we recommend:
•  http://www.wiredsafety.org/law/spam/spoofing.html
•  http://www.lse.ac.uk/itservices/help/spamming&spoofing.htm
•  http://www.cert.org/tech_tips/email_spoofing.html
•  http://www.windowsecurity.com/articles/Email-Spoofing.html
E-mail Header
(Borrowed from Vertical Response)
The header in an e-mail is the part of the e-mail that is not visible to the recipient unless they have "View Headers" turned on. It tells the recipient what servers the e-mail passed through and what programs were used to generate it. In Microsoft Outlook, the header can be viewed by opening the e-mail message, and then clicking on View -> Options. At the bottom of the popup window, a section called "Internet headers:" is shown, displaying all of the e-mail header information.

An example is below:
Return-path: <sender@domain.com>
Envelope-to: receiver@anotherdomain.com
Delivery-date: Wed, 31 May 2006 16:51:15 -0500
Received: from [66.147.158.134] (helo=domain.com)
          by e-mail.server.com with esmtp (Exim 4.52)
          id 1FlYai-0007bY-9G
          for receiver@anotherdomain.com; Wed, 31 May 2006 16:51:00 -0500
Received: from whatcounts.mbira.com (127.0.0.1) by domain.com (PowerMTA(TM) v3.0r23) id hfo8um08ts87 for <receiver@domain.com>; Wed, 31 May 2006 17:00:05 -0500 (envelope-from <sender@domain.com>)
From: "The Sender" <sender@domain.com>
To: receiver@anotherdomain.com
Subject: I just wanted to check on our lunch meeting..
Date: 31 May 2006 17:00:05 CDT
Reply-To: "The Sender" <sender@domain.com>
MIME-version: 1.0
Content-type: text/plain
X-Mailer: WhatCounts
X-cPanel-MailScanner-Information: Please contact the ISP for more information
X-cPanel-MailScanner: Found to be clean
X-cPanel-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.6,
required 5, autolearn=not spam, BAYES_00 -2.60, SPF_HELO_PASS -0.00)
X-cPanel-MailScanner-From: sender@domain.com
X-Spam-Status: No
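As an added example (not code from the newsletter or from Vertical Response), this Python script walks the Received: chain of a header block like the one above, embedded here as a constructed sample trimmed from that example, and separates what the receiving server observed (the connecting IP and HELO name) from what the sender supplied (From:, Return-path:). The newest Received: line, written by your own mail server, is the one you can rely on; the lines below it arrived as sender-supplied text just like the From: address.

```python
import re

# Constructed sample: a trimmed copy of the header block shown above.
SAMPLE_HEADERS = """\
Return-path: <sender@domain.com>
Received: from [66.147.158.134] (helo=domain.com)
          by e-mail.server.com with esmtp (Exim 4.52)
          for receiver@anotherdomain.com; Wed, 31 May 2006 16:51:00 -0500
Received: from whatcounts.mbira.com (127.0.0.1) by domain.com (PowerMTA(TM) v3.0r23) id hfo8um08ts87 for <receiver@domain.com>; Wed, 31 May 2006 17:00:05 -0500 (envelope-from <sender@domain.com>)
From: "The Sender" <sender@domain.com>
"""
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def unfold(raw):
    """Join folded continuation lines (leading whitespace) into one logical header each."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += " " + line.strip()
        elif line:
            fields.append(line)
    return fields

def header_value(raw, name):
    """Value of the first header called `name` (case-insensitive), or None."""
    for field in unfold(raw):
        key, _, value = field.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None

def received_hops(raw):
    """One dict per Received: header, oldest hop first; the last entry is your own server's."""
    hops = []
    for field in unfold(raw):
        key, _, value = field.partition(":")
        if key.strip().lower() != "received":
            continue
        from_part, _, rest = value.strip().partition(" by ")
        helo = re.search(r"helo=([^)\s]+)", from_part)
        ip = IPV4_RE.search(from_part)
        hops.append({
            "claimed": helo.group(1) if helo else from_part.split()[1],  # name the sender announced
            "ip": ip.group(1) if ip else None,                           # address the receiver saw
            "by": rest.split()[0] if rest else None,                     # server that wrote this hop
        })
    return hops[::-1]   # servers prepend, so reverse to get transit order
```

Comparing the trusted hop's observed IP with the domain in Return-path: is exactly the comparison SPF automates.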

SenderID
(Borrowed from Vertical Response)
In an effort to fight spam, major ISPs are pushing for an authentication technology that makes the sender of the e-mail identify themselves and prove that they are who they say they are. That is, if you get an e-mail from Company X you should be able to trace it back to a server that is owned and managed by CompanyX.com.

Companies will need to publish the IP addresses of the mail servers they send mail from. This way, when a receiving server processes incoming mail, it can do a quick check and make sure that the connecting IP is actually one the sender's domain has published.
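As an added example (not code from the newsletter, openspf.org or Vertical Response), the following Python evaluates the published-IP idea described in both the SPF section and the SenderID section above: it checks a sending IP against a constructed SPF record, including the case the SPF section warns about, where mail relayed through an ISP's servers only passes if the ISP's addresses are also covered by the domain's record. The domain names, addresses and records are constructed assumptions, not any real domain's data.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups so the example runs offline.
# Domains, addresses and records are assumptions, not any real domain's data.
TXT_RECORDS = {
    "example-design.test": "v=spf1 ip4:192.0.2.10 include:_spf.isp.test -all",
    "_spf.isp.test": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the SPF record of `domain` for a connection from `sender_ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Only ip4, ip6, include and all are modelled; mechanisms that need
    further DNS lookups (a, mx, ptr, exists) yield permerror here.
    """
    record = TXT_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"              # no SPF policy published for this domain
    if depth > 10:
        return "permerror"         # RFC 7208 limits nested include evaluation
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:   # skip the v=spf1 version token
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(argument, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        elif mechanism == "include":
            # The included domain's policy must say "pass" for this term to match.
            if check_spf(argument, sender_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"
    return "neutral"               # no mechanism matched and no "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        print(ip, check_spf("example-design.test", ip))
```

The third address stands for a forger's machine or an unlisted relay: the record's "-all" makes it fail, which is why the ISP relay you actually send through must be in the record before you publish it.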
   
Gilmore Design Group