Email Spoofing

Have you ever received a “spoofed” spam/virus/phish email that claimed to be from the party you know and trust? Or, to rephrase the question, how many do you get every day?

A technique where an illegitimate sender delivers an email message pretending to be from someone else is called “email spoofing”.

Spammers, scammers and criminals have found that recipients are much more likely to take the desired action if the email appears to be sent from a known organization, such as their ISP, their bank, PayPal, eBay etc.

There are generally four types of email spoofing:

1. Spam
Spammers use email spoofing with one particular objective in mind: to get you to buy their products. Spam is frustrating, eats up our time and is illegal in many countries, but it is significantly less dangerous than the other types of email spoofing abuse.

2. Phishing
In a phishing attack, a fraudster spams the Internet with email pretending to be from a trustworthy e-commerce website or a financial institution. The email asks the recipient to click on a link to carry out a transaction or to change their personal profile. The link takes the recipient to a fake website which looks just like the original one. All the sensitive information entered by the victim (such as credit card information, social security number, address etc.) will be sent to the scammer. These emails often thrive on fear (e.g. “Your account is suspended – click to revive”, “Update your status or your account will be locked” etc.). This is a very dangerous form of email spoofing and can result in heavy financial loss to its victim. Be careful. Assume that your financial institution will never email you asking to “click on the link and update your profile, or else”. If you have to change your account’s profile, then open up your browser and manually type in the website address instead.

3. Viruses
Viruses have evolved and their programmers employ various social engineering tricks in the attempt to spread their creations as much as they can. Viruses will often spoof the headers, pretending to be sent from a reputable party (e.g. the ISP of the victim) and asking the recipient to open the attachment, which will install the virus and spread it around. It should be noted that some of the content sent by viruses may feel genuine. Don’t be fooled. Install up-to-date anti-virus software and keep it up and running at all times. If you are using Outlook Express, consider switching to a safer email program, such as Mozilla Thunderbird. Even then, be very cautious of any email message that asks you to launch an attached file, even if it claims to be from your friend or your ISP.

Example:

A few days ago we received an email from a customer who was worried that he got a message from us that we were shutting down our servers for the next two days.

It looked like this:


Dear user of GetResponse.com e-mail server gateway,

Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.
For details see the attached file.

Cheers,
The GetResponse.com team
http://www.getResponse.com


This email is fake and was never sent by us — it’s a virus that pretends it’s a message from us, asking the user to “see the attached file”, which will spread the virus.

4. Joe-jobs
A “joe-job” is essentially spam designed to look like it’s coming from someone else, a malicious attempt to hurt the victim and to pin the blame on them. The original “joe-job” took place in 1996 when Joe Doll was accused of spamming he didn’t do. Full story is available here.

At GetResponse we were hit with several joe-jobs over the last 7 years. We believe that most of them were initiated by frustrated customers who lost their accounts due to spamming, but our evidence shows that at least one such joe-job was initiated by our competitor who sent a spam-like email that pretended to be from us. Not nice, but negative karma bites back eventually!

What can be done to prevent email spoofing?

When it comes to dealing with spoofs, your ISP/email service provider can implement an anti-spoofing system (such as SPF) that will significantly reduce the number of incoming spoofs.

If you have recently received a spoof claiming to be sent from a provider such as @getresponse.com, @hotmail.com, @aol.com, @rr.com etc., chances are that your ISP hasn’t implemented SPF.

As your ISP/email provider, they are responsible for your safety and should not ignore the dangers of email spoofing.

There are a few things you could do.

1. Do nothing and continue to receive spam, phishing attempts and viruses, hoping that you will not become one of their victims.
2. Change your ISP to one that respects the safety of your Internet experience.
3. Contact your ISP and let them know how you feel about this problem.

I recommend that you send an email to your ISP at:
abuse@domain.com and postmaster@domain.com (domain.com being your ISP’s domain name). You may use the following template, or come up with your own message:


Subject: URGENT – email spoofing at [ISP name]
Priority: High

Dear [ISP name] Postmaster,

I am an [ISP name] customer and I am very
concerned about the fact that you are not doing
enough to protect me and your other users against
email spoofing.
Recently, I have received a malicious email that
claimed to be sent from a party that I trust.

I do not wish to receive such emails.

This would not have happened if your email system
was using a widely adopted anti-spoofing solution
such as SPF. It is spreading rapidly and is currently
employed by most of the major ISP/ESP providers.

Another implementation is Yahoo’s Domain Keys.

For more information on these standards, please
review the following sites:

http://spf.pobox.com
http://antispam.yahoo.com/domainkeys

As an ISP/email provider you are responsible for
ensuring the safety of your members’ Internet
experience and as your customer I insist that you
take this matter very seriously.

I am looking forward to hearing from you soon.

Regards,

[Your name]


You could also get in touch with their Customer Support Department by phone and ask for this issue to be escalated to the appropriate department.

This is not an effort in futility. I know several cases of ISPs that had been considering implementing an anti-forgery solution but didn’t really implement it until their customers started complaining.

At GetResponse, staying on top of the latest email trends and solutions is our top priority, so as to ensure the highest possible email deliverability for our users. Technologies like SPF and DomainKeys are dramatically helping in the battle against forged email, but are only partially effective unless more ISPs are on board.

If your ISP/ESP hasn’t seen the light yet and is letting forged email messages into their mail systems, please get in touch with them and help to make a difference. Your mailbox will thank you.

Simon Grabowski, CEO of GetResponse, an Implix Company.

GetResponse is an opt-in email service provider with over
7 years of managing autoresponders, newsletter hosting
and follow-up for small businesses and large corporations.

Learn more: http://www.GetResponse.com

This article originally appeared on GetResponse Blog.

18 responses to “Email Spoofing”

  1. email spoofing says:

    Yep, email spoofing is quite a problem. I’m experiencing spammers that are using my domains as the sender of their spam. I’m quite upset over this, but there does not seem to be a way to stop these spammers from doing so. It’s causing a problem on my server too as the bounced message queue builds up over time and I’m forced to log into my server and manually remove the bounced message queue. Otherwise the build-up of the queue can use up server resources if left unchecked. These spammers really stink.

    SPF looks interesting, but I’m not clear how to implement it. Besides that, it doesn’t seem to stop the bounced message queue from building up. It also seems that anyone sending their legit mail tied to domains on my server might get their email blocked by the recipient server should it not be sent by my server. In other words, if the sending server doesn’t match the SPF records for the domain in the sender’s email address, the email gets blocked even when it’s legit. That could cause problems for hosted domains and associated email addresses on my server.

  2. Photoshop Brushes says:

    Hey I’m viewing your site with the cake application and it looks pretty green, don’t undergo if this is your site or the browser. Anyway meet gift you a heads up.

  3. ScriptoX says:

    Nice post.. Keep them coming 🙂 Thanks for sharing.

  4. nice…good discurs about spam…

  5. Cristobal Choinski says:

    Hello, first I want to tell you that I follow your blog. Great post, I totally agree with you. Have a great day maty.

  6. Mikel Skold says:

    Hi there, nice site with good info. I really like coming back here often. There’s only one thing that annoys me and that is the misfunctioning of comment posting. I usually get to 500 error page, and have to do the post twice.

  7. Cecil Blotter says:

    fantastic blog I really like how you make it sound so simple.

  8. Alfred Morgret says:

    Good work, I need to hear more from you. Are you working in a Group that you can make such a good Blog?

  9. Get Back On Ebay says:

    Really, really good information. Thanks for your insight into this difficult subject. I’ve signed up for your feed and looking forward to the next update. Thank You

  10. Pearl Diegel says:

    I enjoy coming back daily to see your thoughts. I have your page bookmarked on my must read list!

  11. Ira Koitzsch says:

    I don’t agree with everything in this piece of content, but you do make some very good points. I’m very interested in this matter and I myself do a lot of research as well. Either way it was a well thought-out and nice read so I figured I would leave you a comment.

  12. Myrtice Ormiston says:

    Hey, thanks for the article. Much thanks again. Fantastic.

  13. Jodi Poncho says:

    Nice to be visiting your blog again, it has been months for me. Well this article that I’ve been waited on so long. I need this article to accomplish my appointment in the college, and it has same topic with your article. Thanks, huge share.

  14. Lane Ladyman says:

    Thanks for an interesting article. After looking through different websites I finally found something worth reading.

  15. Misha Kosters says:

    Superb site, where did you come up with the knowledge in this piece of content? I’m pleased I found it though, I’ll be checking back soon to see what other articles you have.

  16. offshore bank account says:

    Awesome, just awesome… My partner and I haven’t any word to appreciate this post… Really I am impressed with this post… The particular person who created this post will be a new great human. Thanks for sharing this with us. My spouse and I found this informative and also interesting blog, it’s very useful along with knowledge

  17. Learn Speak Hindi says:

    What an excellent topic!

  18. Nita Reinsfelder says:

    There are a heap of nice ideas in this post. I’m signing up to the feed.
