Saturday, August 23, 2008

Spoofed Emails

On Monday the 18th I received an email accusing me of sending spam. Actually, the email was sent a few days earlier, but due to the family situation, which I am not talking about at this time, I never got the email until Monday. I responded immediately, explaining that I did not send the spam and that the reason a blazing games email address was in the reply-to field was that spammers also spoof that address. I then suggested that they check out Security Now episode 79, which clearly explains this. I never did hear back from this person but did receive a rather strange phone call on Friday. While these things were probably unrelated, I really am dealing with way too many other things at the moment, so I don't need this type of crap. After thinking about things for a while, I thought that I should properly prepare a reply on the off chance that I get such an accusation in the future, and I am posting it here so that anybody else can use it.

Spam or phishing emails are sent by people who do not follow the rules. These are fake emails, often sent with the intent of getting the recipient to go to a fake page that looks like the real one in order to steal their account information, or to get them to download some type of software which is actually a Trojan horse. The email standard, unfortunately, is not very secure, and all the fields in an email can be set to whatever the spammer wishes. As a result, all of the fields are set to fake addresses (based on real domains to prevent spam filters from easily detecting them) to prevent the email from being traced back to its originator.

Many email programs will allow you to look at the header information used to send the email. Within this information you can look at the "Received: from" fields. Every mail server that the email passes through will add an entry to this list, so it is theoretically possible to trace the email back to the sender's ISP. This, sadly, does not necessarily help, as more often than not the spammer will be using bot networks to send the spam. What is a bot network? Remember the Trojan horse I talked about earlier? People who are fooled by the spam and do install the Trojan horse are essentially giving up their computer to the bot network without their knowledge. There are known bot networks that are made up of thousands of computers. These computers are the ones that are used for sending the spam.
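To make the header tracing described above concrete, here is an added example (not part of the original post) that reads the Received entries of a message and lists the hops from origin to destination. The sample message, its hostnames and its addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample message; documentation-only domains and IP ranges.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Mon, 18 Aug 2008 09:00:03 -0400
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Mon, 18 Aug 2008 09:00:01 -0400
Received: from home-pc (unknown [203.0.113.45])
\tby relay.isp.example with SMTP id C3; Mon, 18 Aug 2008 08:59:58 -0400
From: "Support" <support@spoofed-brand.example>
Reply-To: someone@innocent-site.example
To: victim@recipient.example
Subject: Verify your account

Click the link to verify.
"""

# "from <name> ... [<ip>] ... by <server>" as most servers write a Received entry.
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def received_chain(raw):
    """Return the hops oldest-first. Each server prepends its entry, so the
    header order (newest first) is reversed here."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    hops.reverse()
    return hops

def summarize(raw):
    """Put the sender-controlled fields next to what the servers recorded."""
    msg = message_from_string(raw)
    chain = received_chain(raw)
    return {
        "claimed_from": msg["From"],          # set by the sender, unverified
        "claimed_reply_to": msg["Reply-To"],  # set by the sender, unverified
        # Entries below the first server you trust can also be forged, and
        # with a bot network this address is an infected PC, not the spammer.
        "first_hop_ip": chain[0]["ip"] if chain else None,
        "hops": len(chain),
    }

if __name__ == "__main__":
    for hop in received_chain(SAMPLE):
        print(f'{hop["from"]} [{hop["ip"]}] -> {hop["by"]}')
    print(summarize(SAMPLE))
```

The Reply-To domain in the sample appears nowhere in the Received chain, which is the situation the accused address owner is in.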

So what can you do if you receive one of these phishing emails? About the only thing that can be done is to forward the email to the company that is being spoofed. This way they can attempt to look at the address that the email message is directing you to and get the fake site shut down.

I cannot do anything about spoofed emails. If you would like more information about such emails, I would recommend that you go to your favorite search engine, such as Google, and do a search for Security Now. This is a podcast that covers all types of security issues. Episode 79 covered email spamming.
