Email Spoofing
Posted by: Margaret Rouse
Contributor(s): Peter Loshin
Email spoofing is the forgery of an email header so
that the message appears to have originated from someone or somewhere other
than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more
likely to open an email when they think it has been sent by a legitimate
source. The goal of email spoofing is to get recipients to open, and
possibly even respond to, a solicitation.
Although most spoofed email falls into the nuisance
category and requires little action other than deletion, the more malicious
varieties can cause serious problems and pose security risks. For example, a
spoofed email may purport to be from a well-known shopping website, asking the
recipient to provide sensitive data such as a password or credit card number.
Or the spoofed email may ask the recipient to click on a link that installs
malware on the recipient's computing device. One type of spear phishing used in business email
compromise involves spoofing emails from the CEO or CFO of a company that
works with suppliers in foreign countries, requesting that wire transfers to
the supplier be sent to a different payment location.
Email spoofing is possible because the Simple Mail Transfer Protocol (SMTP) does
not provide a mechanism for address authentication. Although email address
authentication protocols and mechanisms have been
specified to battle email spoofing, adoption of those mechanisms has been slow.
The SMTP AUTH extension specified in RFC 4954, "SMTP Service Extension for
Authentication", defines a way for an SMTP client to negotiate an
authentication mechanism with an SMTP server to authenticate the client and, if
desired, to set up additional security on the client-server
session.
Other proposed solutions for authenticating email
senders include Sender Policy Framework (SPF), a protocol
defined in RFC 7208 to allow domain managers to authorize individual hosts to
use a domain in email; Domain-based Message Authentication, Reporting and
Conformance (DMARC), defined as an email authentication protocol in RFC 7489; and
DomainKeys Identified Mail (DKIM), which provides a way to validate a domain name
identity associated with a message. Sender ID, described in RFC 4407, is an
experimental protocol based largely on SPF and promoted by Microsoft, but
it failed to gain any significant deployment.
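The following is an added example, not part of the original article: a receiver-side check that compares the visible From domain with the envelope sender and with the SPF, DKIM and DMARC verdicts recorded by the receiving server. The message, host names and function names are constructed for illustration, and the alignment test is a simplification of DMARC's organizational-domain comparison.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims example.com, but the envelope
# sender (Return-Path) and the receiving server's verdicts say otherwise.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Pat Lee, CFO" <pat.lee@example.com>
To: ap@receiver.example
Subject: Updated wire instructions

Please send the payment to the new account.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def assess(raw, trusted_authserv):
    """Compare header From with the envelope sender and the trusted verdicts."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    auth = {}
    # Trust only Authentication-Results stamped by our own receiving server;
    # a sender can include a forged copy of this header in the message.
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, rest = ar.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            auth.setdefault(method, verdict.lower())
    findings = []
    if not aligned(from_dom, env_dom):
        findings.append(f"From {from_dom} not aligned with envelope {env_dom}")
    if auth.get("dmarc") != "pass":
        findings.append(f"dmarc={auth.get('dmarc', 'missing')}")
    return {"from": from_dom, "envelope": env_dom, "auth": auth, "findings": findings}

if __name__ == "__main__":
    print(assess(SAMPLE, "mx.receiver.example"))
```

In the sample, SPF passes because it only authorizes the host for the envelope domain; the forged From is caught by the alignment and DMARC checks.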
To avoid becoming a victim of email spoofing, the FBI
and the Federal Trade Commission urge recipients to
keep antimalware software up to date, be wary of
tactics used in social engineering and contact the sender
directly when sharing private or financial information instead of responding
through an email.