Forged email

Email header addresses can be forged

Email forging or spoofing refers to email that appears to have originated from one source while actually having been sent from another. Email messages can contain forged "TO:", "FROM:", and/or "CC:" addresses. These forged headers may contain your address or the address of people you know.

Why does this happen?

Phishers, spammers, and creators of viruses use forged headers to lure people into reading email and sending them personal and/or sensitive information. They know this is more likely if you think the message originated from someone you know.

Spammers can obtain lists of email addresses which may include valid UB addresses. They use these addresses in the "FROM" field of the spam they send. If your email address is one of those selected, the spam looks as though it came from you and, consequently, as if it came from within the university. UB receives complaints about this from individuals within and outside the university.

If your name is forged as the sender of an email message, it does not necessarily mean that your account/computer has been compromised. The email was not sent from your account; rather, it was forged in your name. [Your computer may be infected/compromised, of course, so it is prudent to check, but if you have been using antivirus software and kept it up-to-date, you are probably not the victim of a virus or other malicious software attack.]

You may discover your email address has been forged if you receive delivery rejection notices for messages you did not send or receive complaints from people who believe you are the sender of spam.

US Mail Address Analogy

A letter you receive in the mail may contain a return address. This return address is not verified and can be anything. [This is similar to the FROM line in an email message.] You can look at the postmark on the envelope and see where the message originated.
You may notice a return address that is from a different location than the postmark. That is, the address can also be forged on a letter mailed via the US Postal Service (USPS). The USPS will send the letter as long as the "TO" address exists; otherwise it will return the letter to the sender.

Looking at the postmark and comparing it with the return address on the envelope is similar to looking at the full headers of an email message. Headers contain the addresses of all the computer systems that have relayed a message between the sender and you. This information allows you to determine where a message actually came from and how it got to your computer.

Instructions on how to display full headers for some of the more popular email software are found at the following URL: http://www.uic.edu/depts/accc/newsletter/adn29/headers.html

The Received: headers tell you where the message originated and the route it took to get to you. Received headers are read in reverse order. The sequence from the last Received: header in the message's headers (that is, the one furthest down in the headers, which is the first Received: header added to the message) to the top Received: header takes you from the email server where the message originated to a local incoming email server, and finally, to your inbox. The address in the first Received: header added (the one furthest down) shows you where the message actually came from.
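The reverse-order reading of Received: headers described above, as an added example in Python that is not part of the original page: it parses a constructed message, lists the hops from origin to inbox, and checks whether the originating host belongs to the domain claimed in the From: line. All hostnames, addresses and function names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (hosts, addresses and IDs are made up; IPs are from
# documentation ranges). The From: line claims to be from example.edu.
RAW = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mailbox.example.edu with ESMTP id A3; Wed, 28 Nov 2007 10:00:07 -0500
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.edu with ESMTP id A2; Wed, 28 Nov 2007 10:00:05 -0500
Received: from unknown-pc (dsl-host.example.org [203.0.113.45])
\tby relay.example.net with SMTP id A1; Wed, 28 Nov 2007 10:00:01 -0500
From: "Jane Doe" <jdoe@example.edu>
To: someone@example.edu
Subject: Please confirm your password

Constructed body.
"""

# "from <helo> (<reverse-dns> [<ip>]) ... by <receiving-server>"
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def trace_route(raw):
    """Return relay hops ordered origin -> inbox (bottom Received: first)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:  # skip Received: lines in a format this sketch does not parse
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by})
    return hops

def from_matches_origin(raw):
    """True if the originating host is inside the From: address's domain."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    hops = trace_route(raw)
    if not hops or not domain:
        return None  # nothing to compare
    host = (hops[0]["rdns"] or hops[0]["helo"]).lower()
    return host == domain or host.endswith("." + domain)

if __name__ == "__main__":
    for n, hop in enumerate(trace_route(RAW), 1):
        print(n, hop["ip"], hop["rdns"] or hop["helo"], "->", hop["by"])
    print("From: domain matches origin:", from_matches_origin(RAW))
```

A mismatch is a reason to look closer, not proof of forgery, since legitimate mail is often sent through third-party servers. Received: lines below the first server you trust are supplied by the sending side and can themselves be fabricated.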
Last Updated 11-28-2007

Questions or comments about this site should be sent to: peters@buffalo.edu

Copyright 2007, University at Buffalo. All rights reserved.