
What is spoofing in relation to email messages?

Last Edit: 10/01/12

Spoofing is when an email message is made to appear as if it came from an address it did not. The header information of an email will usually contain the email address and IP address of the sender. In a spoofed email message, the spoofer doctors this data to make the message appear to come from an email address and IP address it did not originate from.

The header of an email message will typically include the following:

Return-Path: <user@user.com>
Delivered-To: GMX delivery to user@mail.com
Received: (qmail invoked by alias); 22 Nov 2012 01:29:40 -0000
Received: from user.user.com (EHLO user.user.com) [11.111.11.222]

The parts of the header which a spoofer will "spoof" are user@user.com (the sender's email account) and 11.111.11.222 (the sender's IP address).

Spoofing has become more prevalent as Internet usage has increased, and especially as commerce has increased on the Internet. It's very common for spoofers to create email messages purporting to be from a bank, asking for a user's login details because of some sort of security error. Alongside the spoofed email header, these emails usually look genuine, with the correct logo and branding.

Spoofing is possible due to a lack of sender authentication in the mail transfer protocol, SMTP. While steps have been taken to remedy this loophole (such as the Sender Policy Framework), they are not always implemented. There are a number of third-party software applications - which are easy to download for free - which allow people to spoof.

Alternative explanation: Spoofing is a technique of "fooling" a computer network into believing that the data being sent or received is from a genuine source when, in fact, it is not. Spoofing, in relation to the Internet, usually involves "making" data packets appear to be sent from an authorized IP address. Email spoofing is the most obvious example of spoofing; this is where an individual can send email messages purporting to be from a genuine email account. Email spoofing is easy to do due to the lack of authentication within protocols related to email, such as SMTP. When email is sent using the SMTP protocol - part of the application layer of the Internet protocol suite - a MAIL FROM segment is a key component of the email message. The MAIL FROM segment of an email message informs the recipient of the email message which email address sent the message: this is displayed in the header section of the email message 'From:'. The problem with electronic mail and its associated protocols is that no authentication is done to ensure that the computer sending the email message has the authority to send the message on behalf of that email address. Simply put, this means that email is inherently insecure, and that individuals can easily spoof an email account and create credible phishing emails. Phishing emails purport to be from an official source - such as a bank - and this is achieved by spoofing the email address so it looks like it was sent from the bank's email address.
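
The header fields and the Sender Policy Framework check described above can be applied mechanically by a receiving system. The following is an added example, not part of the original page: it parses the page's sample header with a constructed From: line at the placeholder domain bank.example, compares the Return-Path and From: domains, and runs a simplified SPF evaluation (ip4 and all terms only) against constructed records instead of DNS. It assumes the bracketed IP in the Received line was recorded by the receiving server.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the page's header lines plus a From: at a placeholder domain.
SAMPLE = """\
Return-Path: <user@user.com>
Delivered-To: GMX delivery to user@mail.com
Received: (qmail invoked by alias); 22 Nov 2012 01:29:40 -0000
Received: from user.user.com (EHLO user.user.com) [11.111.11.222]
From: "Bank Support" <security@bank.example>
"""

# Constructed SPF records, standing in for the DNS TXT lookup a real check performs.
SPF_RECORDS = {
    "user.com": "v=spf1 ip4:11.111.11.0/24 -all",
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
}

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def client_ip(msg):
    """Bracketed IPv4 address from the first Received header that has one."""
    for received in msg.get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
        if m:
            return ipaddress.ip_address(m.group(1))
    return None

def spf_result(domain, ip):
    """Evaluate ip4 mechanisms and the 'all' default only (simplified SPF)."""
    record = SPF_RECORDS.get(domain)
    if record is None or ip is None:
        return "none"
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if mech == "all" or (mech.startswith("ip4:")
                             and ip in ipaddress.ip_network(mech[4:], strict=False)):
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"

def analyse(raw):
    msg = message_from_string(raw)
    env, hdr, ip = domain_of(msg["Return-Path"]), domain_of(msg["From"]), client_ip(msg)
    return {"envelope_domain": env, "from_domain": hdr, "client_ip": str(ip),
            "aligned": env == hdr,  # False: From: and Return-Path domains disagree
            "spf_envelope": spf_result(env, ip), "spf_from": spf_result(hdr, ip)}
```

On the sample, the Return-Path domain passes its own SPF record while the displayed From: domain does not authorize the sending IP, which is the mismatch a mail filter would flag.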