Jun 23


One of the most confusing things about e-mail for many users these days is spoofed e-mail addresses. Most people by now have experienced receiving an e-mail infected with some type of malware that appears to be from their cousins, best friends, or mothers. But when you contact those people to ask them why they sent you the email or to let them know they are distributing infected e-mail, you discover that they never actually sent you the e-mail to begin with.

Most users have had the opposite experience as well. You get an e-mail or phone call from your friends asking why you sent them an infected e-mail message. It is also very common to receive an auto-reply from some mail server, either letting you know that the e-mail you sent contained a virus or worm or that the user you allegedly sent the e-mail to does not exist.

All of these are examples of spoofed e-mail addresses. If I mail a letter to someone, I could very easily write any name and address I choose in the return address portion. If I wrote your address in as the return address and the message was undeliverable, it would get sent back to you rather than me. It is equally easy to alter or forge the address information on an e-mail.

Using Microsoft Outlook you can enter an address in the From field and alter the Reply To address, thereby making it appear that the e-mail came from a different source and sending any replies back to that same source. On a corporate network it’s not as easy, because the mail server will actually check whether you have permission to send on behalf of the address you are trying to send from. However, you can simply invent a non-existent e-mail address, even on a non-existent domain, and that information is all the recipient will see.

Well… almost all the recipient will see. Going back to the postal mail return address example, I may be able to write a return address to make it appear the letter originated from California, but the postmark will bear the mark of the city and state of the post office it actually came from. Similarly, each e-mail message contains information about its true source within the e-mail headers.

In Outlook Express you can right-click on an e-mail message and select Properties to display information about the message. If you choose the Details tab you can click the button labeled Message Source and review information about exactly what server and IP address the message came from. You can view similar information in Microsoft Outlook by right-clicking the e-mail message and selecting Options to look at the Internet Headers.
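To show what the "postmark" looks like once the message source is in front of you, here is an added Python example (not part of the original article) that reads the headers of a constructed sample message and reports the claimed sender domains next to the IP address that actually connected to the recipient's mail server. The sample message, its domains and IP addresses, and the `trusted_by` hostname are assumptions made for illustration; only the Received line stamped by your own server is reliable, because earlier lines are supplied by the sending side.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved example domains, documentation IP ranges).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailbox.recipient.example with ESMTP id A1; Mon, 01 Jan 2024 10:00:05 +0000
Received: from unknown (HELO friend.example.com) ([203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Mon, 01 Jan 2024 10:00:01 +0000
From: "Your Cousin" <cousin@friend.example.com>
Reply-To: cousin@friend.example.com
To: you@recipient.example
Subject: Check this out

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_by="mx.recipient.example"):
    """Report claimed sender domains and the IP seen by trusted_by (assumed border server)."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):   # newest hop first
        flat = " ".join(received.split())          # undo header folding
        by, ip = BY_RE.search(flat), IP_RE.search(flat)
        hops.append({"by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None})
    handoff = next((h for h in hops if h["by"] == trusted_by), None)
    claimed = domain(msg["From"])
    return {
        "from_domain": claimed,
        "reply_to_domain": domain(msg["Reply-To"]),
        "return_path_domain": domain(msg["Return-Path"]),
        "envelope_mismatch": domain(msg["Return-Path"]) != claimed,
        "handoff_ip": handoff["ip"] if handoff else None,
        "hops": hops,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A differing Return-Path domain is only a hint, since mailing lists and bulk senders legitimately use their own bounce addresses; the hand-off IP is the value to compare against where the claimed sender's mail normally comes from.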

It would help to stop the confusion and stop clogging users’ e-mail inboxes with useless messages if e-mail server antivirus programs were not configured to automatically reply to the sender. Originally it was a good idea. Rather than just blocking or cleaning the e-mail, a courtesy message was also sent to the originator of the message to inform them they had sent an infected message and that perhaps they needed to update their antivirus software or scan their system to make sure they didn’t continue propagating the malware.

For the past year or more, however, viruses and worms almost always spoof the source e-mail address. Many malware threats scan deep within infected systems to find addresses to propagate to as well as addresses to use in spoofing the source address. They look not only in the standard address book files, but also scan through temporary Internet files and other such data to find e-mail addresses embedded in Web pages.

That means that the “courtesy” response to the sender ends up at the wrong place and confuses some innocent user into believing their computer might be infected or wondering how or why they even sent an e-mail to that address in the first place.

The primary thing you need to know when it comes to the source address of an e-mail is not to trust it. Almost every part of an e-mail header can be forged with enough knowledge; fields like the Sender or From e-mail address and the Reply-To e-mail address can be changed simply by typing in a new one with some e-mail applications.

Exercise caution and an appropriate amount of common sense before choosing to open an e-mail message. Even if it appears to be from your brother, if the Subject of the message or the message itself seems suspicious or awkward, it is better to err on the side of caution and simply delete it. When you receive a misguided response or auto-response to a message that spoofed your e-mail address, you should simply delete those as well.
