Subscribe by Email


Wednesday, March 7, 2012

What is meant by email spoofing in detail?

What is meant by Email or Electronic Mail?

- Email or electronic mail is the most popular and convenient means for exchange of digital messages and information in the modern world.

- E- Mail facility is harnessed through a computer network probably over an internet connection.

- Earlier the email can be used for sending messages only when both the sender and the recipient were online and such messages were called instant messages.

- But, today the email system is somewhat changed and is entirely based up on a store and forward model.

- When an email is sent, it is stored by the server and later is delivered accordingly.

- The sender and recipient do not require being online though they need to connect to the particular email server in order to send and receive the emails.

- The whole email system is today governed by the simple mail transfer protocol or SMTP rather than FTP or file transfer protocol that was used earlier.

Problems faced by Email Systems
These email system like any other system has too got many problems like:

1. Attachment size limitation
2. Overloading of information
3. Spamming
4. Computer viruses
5. Email spoofing
6. Email bombing
7. Tracking of sent and received emails
8. Privacy concerns

This article is dedicated to the worst problem being faced by the email today i.e., “email spoofing”.

Introduction to Email Spoofing

Most of us are aware about the content spoofing; the email spoofing is also somewhat same only with the only difference being that it affects emails rather than web sites or web applications.

"An email is said to have been spoofed when its sender’s address as well as its header part have been altered to make it seem as though it has been originated from a source different from the actual source."

What makes these emails so vulnerable to email spoofing?

- More and more emails fall victims to email spoofing since the simple mail transfer protocol (SMTP) does not provide any techniques or methodologies for the authentication of these emails.

- It becomes comparatively easy for the attackers to forging and impersonating the emails.

- In some cases there might be legitimate causes for forging an email but in other cases the cause can be quite mischievous like phishing and spamming in order to hide the origination of the email.

- The attacker can easily change the email properties like its return path, reply to and from fields etc and make it appear as though somebody else had sent the email hiding the identity of the actual email sender.

- The recipient comes in to believing that the email has been received from the address as altered and stated in the “from” field when it is actually form a different source.

- Such emails are said to be spammed and bear the address of the spam email in the “reply to” field.

- Most of the spam emails are malicious in nature and may be infected with a Trojan, virus or worm and so on.

- Some might be just for the sake of advertisement of some cause.

- Earlier before the advent of the spam, the legitimately spoofed emails were used as a viable business model.

- Consequently the spam emails came to be recognized as an annoying problem. This problem called for the need of anti spam methodologies.

- Spoofing the IP address is somewhat difficult as compared to spoofing of the email content.

- This is so because of the great bit size of the IP address.

- To overcome such spoofing problems techniques such as following are used:
1. PGP cryptographic signatures technique
2. Using SSL or TLS in mail transfer software
3. Other encryption techniques.

Proper authentication is the only solution for preventing spoofing and bombing of emails.


No comments:

Facebook activity