Email spoofing - I did not send this email message

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. However, spoofing anyone other than yourself is illegal in some jurisdictions.

Email spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending email, does not include an authentication mechanism (other than a Reverse DNS Lookup). Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages.

To send spoofed email, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed email that appears to be from you with a message that you didn't write.

Although most spoofed email falls into the "nuisance" category and requires little action other than deletion, the more malicious varieties can cause serious problems and security risks. For example, spoofed email may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers or other personal information - any of which can be used for a variety of criminal purposes. The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass spam mailings. One type of email spoofing, self-sending spam, involves messages that appear to be both to and from the recipient.

It is also common for a virus, after infecting a PC, to spoof the email addresses in the address book of your email program. A mass-mailing worm can select from a list of email subjects in the address book, message bodies and attachment file names for its email messages. It spoofs the sender name of its messages so that they appear to have been sent by different users instead of the actual users on the infected machines. Then, when a message fails to deliver, public records route the error back to your inbox.

SMTP authentication requires a user to have a user name and password to send a message through the email server that your domain is hosted on. Any online user can spoof any email address from any computer, but with SMTP authentication turned on, they would not be able to send a message through your email server.

Most large email providers now filter for SPF (Sender Policy Framework), which does not accept a message unless it is verified by the Domain Name Servers (DNS). However, there are still some servers that accept messages without SPF, and therefore it is still possible for someone to spoof your email account.

We have already taken measures to protect you from spoofing by adding a Reverse DNS Lookup record and enforcing SMTP Authentication. However, you can take this protection further by modifying your SPF record on your Domain Name Servers to exclude any other email servers.

1. Log in to the Control Center at https://www.webcontrolcenter.com/domain.aspx

2. From DNS, click on DNS ZONE ADMIN and next click the GO button.

3. At the bottom, in the SPF RECORD area, click on the ADD RECORD button.

4. Click the YES button to modify the SPF record.

5. The default selection on the next window is I AM USING THE DEFAULT HOSTING SETTINGS. Click SAVE.

6. At this point, your record will look similar to this:
v=spf1 a mx/24 ip4:192.168.0.1 ?all
or this
v=spf1 ?all

However, the “?all” part would accept email from all servers worldwide. Copy this string and click on the ADD RECORD button again. Select YES and select CUSTOM SETTINGS. Paste the string in the new field that shows up and change the “?all” to “-all” (a plain hyphen, not a long dash) so the string looks similar to this one:
v=spf1 a mx/24 ip4:192.168.0.1 -all

With this change, every recipient mail server that filters for SPF will use your SPF record to reject email servers that are not supposed to be sending email with your domain name.
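To confirm the saved record ends the way step 6 intends, the following added example (not part of the original article or the host's tooling) audits the "all" term of an SPF string. The function name `audit_spf` is hypothetical, the sample records are built from the strings shown above, and the check goes slightly beyond the article by also catching a long dash pasted in place of the hyphen.

```python
# Added example: audits the "all" term of an SPF record string (RFC 7208 semantics).
# Qualifier in front of a mechanism -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Dash look-alikes that editors and web pages substitute for "-" in pasted text.
LOOKALIKE_DASHES = "\u2010\u2011\u2012\u2013\u2014\u2212"


def audit_spf(record):
    """Return (result for servers the record does not list, list of findings)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", ["not an SPF record: it must start with v=spf1"]
    findings = []
    result = None
    for pos, term in enumerate(terms[1:], start=1):
        if any(ch in LOOKALIKE_DASHES for ch in term):
            # An unrecognised term is a syntax error, so the whole record is
            # unusable (permerror) and gives no protection.
            return "permerror", [f"{term!r} contains a non-ASCII dash, use '-'"]
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        else:
            qualifier, mechanism = "+", term  # no qualifier means "+"
        if mechanism.lower() == "all":
            result = QUALIFIERS[qualifier]
            if pos < len(terms) - 1:
                findings.append("terms after 'all' are never evaluated")
            break
    if result is None:
        if any(t.lower().startswith("redirect=") for t in terms[1:]):
            return "redirect", ["policy is taken from the redirect= domain"]
        result = "neutral"  # default when nothing matches and there is no 'all'
        findings.append("no 'all' term: unlisted servers get a neutral result")
    if result in ("pass", "neutral"):
        findings.append(f"unlisted servers get '{result}', so SPF will not reject them")
    elif result == "softfail":
        findings.append("unlisted servers are only soft-failed (usually accepted and flagged)")
    return result, findings


if __name__ == "__main__":
    # Sample records constructed from the strings shown in the article.
    for rec in ("v=spf1 a mx/24 ip4:192.168.0.1 ?all",
                "v=spf1 a mx/24 ip4:192.168.0.1 -all",
                "v=spf1 a mx/24 ip4:192.168.0.1 \u2013all"):
        print(rec, "->", audit_spf(rec))
```

Only a result of `fail` with no findings corresponds to the record the steps above are meant to produce.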

**********NOTE************
Spoofed messages may not be filtered properly when the recipient domain matches the sending (spoofed) domain. A Domain Content Filter can be used as an Internal SPF Content Filter.

Article ID: 911, Created On: 7/12/2009, Modified: 7/20/2009
