What is meant by email spoofing in detail?

What is meant by Email or Electronic Mail?

- Email or electronic mail is the most popular and convenient means for exchange of digital messages and information in the modern world.

- E- Mail facility is harnessed through a computer network probably over an internet connection.

- Earlier the email can be used for sending messages only when both the sender and the recipient were online and such messages were called instant messages.

- But, today the email system is somewhat changed and is entirely based up on a store and forward model.

- When an email is sent, it is stored by the server and later is delivered accordingly.

- The sender and recipient do not require being online though they need to connect to the particular email server in order to send and receive the emails.

- The whole email system is today governed by the simple mail transfer protocol or SMTP rather than FTP or file transfer protocol that was used earlier.

Problems faced by Email Systems
These email system like any other system has too got many problems like:

1. Attachment size limitation
2. Overloading of information
3. Spamming
4. Computer viruses
5. Email spoofing
6. Email bombing
7. Tracking of sent and received emails
8. Privacy concerns

This article is dedicated to the worst problem being faced by the email today i.e., “email spoofing”.

Introduction to Email Spoofing

Most of us are aware about the content spoofing; the email spoofing is also somewhat same only with the only difference being that it affects emails rather than web sites or web applications.

"An email is said to have been spoofed when its sender’s address as well as its header part have been altered to make it seem as though it has been originated from a source different from the actual source."

What makes these emails so vulnerable to email spoofing?

- More and more emails fall victims to email spoofing since the simple mail transfer protocol (SMTP) does not provide any techniques or methodologies for the authentication of these emails.

- It becomes comparatively easy for the attackers to forging and impersonating the emails.

- In some cases there might be legitimate causes for forging an email but in other cases the cause can be quite mischievous like phishing and spamming in order to hide the origination of the email.

- The attacker can easily change the email properties like its return path, reply to and from fields etc and make it appear as though somebody else had sent the email hiding the identity of the actual email sender.

- The recipient comes in to believing that the email has been received from the address as altered and stated in the “from” field when it is actually form a different source.

- Such emails are said to be spammed and bear the address of the spam email in the “reply to” field.

- Most of the spam emails are malicious in nature and may be infected with a Trojan, virus or worm and so on.

- Some might be just for the sake of advertisement of some cause.

- Earlier before the advent of the spam, the legitimately spoofed emails were used as a viable business model.

- Consequently the spam emails came to be recognized as an annoying problem. This problem called for the need of anti spam methodologies.

- Spoofing the IP address is somewhat difficult as compared to spoofing of the email content.

- This is so because of the great bit size of the IP address.

- To overcome such spoofing problems techniques such as following are used:
1. PGP cryptographic signatures technique
2. Using SSL or TLS in mail transfer software
3. Other encryption techniques.

Proper authentication is the only solution for preventing spoofing and bombing of emails.

FTP - File Transfer Protocol

- File Transfer Protocol (FTP), a standard Internet protocol, is the simplest way to exchange files between computers on the Internet.
- FTP is an application protocol that uses the Internets TCP/IP protocols.
- FTP is commonly used to transfer Web page files from their creator to the computer that acts as their server for everyone on the Internet.
- FTP is also commonly used to download programs and other files to your computer from other servers.
- Web browser can also make FTP requests to download programs you select from a Web page.
- FTP can also be used to update (delete, rename, move, and copy) files at a server.
- FTP can be run in active mode or passive mode, which control how the second connection is opened.
- In active mode the client sends the server, the IP address port number, that the client will use for the data connection, and the server opens the connection.
- Passive mode was devised for use where the client is behind a firewall and unable to accept incoming TCP connections.

The objectives of FTP are :
- to promote sharing of files (computer programs and/or data),
- to encourage indirect or implicit (via programs) use of remote computers,
- to shield a user from variations in file storage systems among hosts, and
- to transfer data reliably and efficiently.

Anonymous FTP

Thousands of hosts on the Internet run ftp servers that permit guests to login. Such servers usually contain data and software of interest to the general public. They are often called anonymous ftp servers because the guest login name is anonymous. To login to an anonymous ftp server, enter the name anonymous when prompted for a username or userid. When prompted for a password, enter your full e-mail address, unless the on-screen instructions specify an alternative guest password.

FTP Software & Anonymous FTP Servers

FTP Software
Depending on what you are planning to do with your FTP software you should pick different ones. There are hundreds of free pieces of software so there is a very good choice. The three software packages are:

- Cute FTP : It used to be the best shareware FTP program around. It is easy to use and has many functions. Unfortunately, because it has become so popular, the latest version only allows you to transfer one file at a time unless you register. If you can find a copy of version 2.6.* it is an excellent program.

- FTP Explorer : It is not such a good program as Cute FTP but it is freeware so there are no annoying nag-screens. It can be downloaded here.

- Elite FTP : It is not such a good program for uploading standard files it works better if you are working with CGI as you can send commands to the server by typing them in.

Anonymous FTP Servers
A host that provides an FTP service may additionally provide anonymous FTP access. Users typically login to the service with an 'anonymous' account when prompted for user name. Although users are commonly asked to send their email address in lieu of a password, little to no verification is actually performed on the supplied data.
The login id for the public accounts on most anonymous FTP servers is anonymous, and guest is also common. The password can be anything, but most anonymous FTP service machines will ask you to enter your complete email address as your password.

Overview Of File Transfer Protocol

File Transfer Protocol (FTP) is a standard network protocol used to exchange and manipulate files over a TCP/IP based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server applications.

The objectives of FTP are :
* To promote sharing of files (computer programs and/or data).
* To encourage indirect or implicit use of remote computers.
* To shield a user from variations in file storage systems among different hosts.
* To transfer data reliably, and efficiently.

What FTP does ?
It works by establishing a connection between one computer (for example, your PC) and another (for example, your Web server). To do this, you need to know the host name (e.g."webserver.example.com") or IP address (e.g. "12.34.56.78") of your Web server. Your FTP program will allow you to enter lots of different servers if you want (by host name or IP address), and usually you can double-click on one of them to connect to it.
- Logging in
Once connected, the Web server usually asks you for your user name and password.
- Transferring files
You're then logged in to your Web server. Once you're logged in, you can start moving files about. On most FTP programs, this works a lot like Windows Explorer or other similar file managers.
- The home directory
When you first log in, you will be viewing your home directory on your Web server. This will be the directory that contains your website, amongst other files.
- Going dotty
Some FTP programs will show two extra entries in the folder display - a single dot and a pair of dots. The single dot means "this directory" and usually does nothing, but the pair of dots mean "the directory above".

WWW - The Server Side

For all the incoming connectionts from different clients, every website is associated with a server process listening to TCP port 80. The client sends a request after the connection is made and the server sends the reply and then the connection is released. The protocol that is responsible for requests and replies is called HTTP.

The steps that occur between the user clicking and a page being displayed are:
- The browser determines the URL.
- The browser asks DNS for IP address.
- DNS replies.
- Browser makes a TCP connection to the port.
- It then sendsthe GET command.
- The server sends the file.
- The TCP connection is released.
- The browser displays the text of the file.
- The browser fetchesand displays all images of the file.

Not all servers speak HTTP, Old servers use FTP, Gopher or other protocols. Given the number of different protocols, it was thought impractical to make browser understand different protocols. However, since there is a need to make information available (where the server talks in protocols other than HTTP), a solution was required. This solution is something called a proxy server. A proxy server takes a HTTP request from the browser and translates these requests into the FTP/Gopher/other protocols. The proxy server is a separate logical server.
A proxy server also serves to provide an important function called caching. Through caching, a proxy server keeps a local copy of the pages that pass through it. If a user requests for a page, if the page is present on the cache of the proxy server, it serves the page to the user. this way it serves to reduce load on final server.