
Spoofing


"Spoofing" is the faking of e-mail headers so as to give a false impression of their origin.

On one day in March 2004 I received over a thousand messages saying such things as "The e-mail that you sent has not been delivered" or "Your message has been rejected as spam!" etc. What's interesting and notable about this is the fact that none of the messages cited had actually been sent from this site! What had happened was that the perpetrators of the scam, perhaps feeling a bit sore that I had publicly criticised the whole spam-sending thing online, faked up their messages so they appeared to come from a variety of random fictitious addresses at this site. You can see an example of the scam message here: VIA-GRA

Now, you might think no-one's going to be fooled by that. But they are. Surprising as it may seem, robots at servers such as www.nhs.uk, Yahoo, NTL, Tiscali, Caltec Law, rr.com, and even places with .edu on the end, were all fooled into sending silly "bounced" reports to the bogus addresses which the guilty parties had invented.

To draw an analogy in the physical world, supposing the advertisement cards which prostitutes have distributed and stuck on the insides of phone boxes had in small print: "Cards printed and distributed by [your name here]" and you found out this was going on and your name used in vain by some malicious prankster, wouldn't you be a bit surprised if the police were fooled by this and visited you and cautioned you in all seriousness for distributing the cards?!

But online, that's exactly what happens. The senders of spam can invent entirely arbitrary e-mail addresses and send messages which pretend to be from you, and at the receiving end the recipient machines are completely fooled by this!

Imagine receiving a penalty notice which said "You're in trouble because someone else has committed an offence and when asked their name, they said they were you. Guilty as charged!"

Of course the embarrassment is upon the design of the worldwide e-mail system for allowing such stupidity to continue. Logically it should be possible to determine where a message has actually come from, and to avoid the sending of false report messages. Apparently it's more difficult than it should be because some mail servers haven't got the DNS set up properly.

If this continues, it will not be just a matter of inconvenience, but a potential organised crime threat. It would be very easy for blackmailers to threaten to impersonate a company in various pernicious spam campaigns and, if they didn't pay up, to then have the company victimised as an accused spam-sender. The incoming "bounced" messages "returned" from thousands of badly-designed mail servers around the world could bring down a company. It's that easy to do!

So, what are we going to do about it? Well, for a start, if you are building an e-mail server, don't program it so that if some anonymous person says "I'm Jo Soap, here's a spam!", you reply to the fictitious address and say "Hey Jo Soap, your spam has been rejected", because Jo Soap (who is entirely innocent) will be an unwitting target of your false report message!
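The two halves of that advice can both be put into code. The receiving server's half is simply to refuse the message during the SMTP conversation itself (a 5xx reply to the machine that is actually connected), so that no "bounce" is ever manufactured and sent to whoever the spammer claimed to be. The half that protects a site like this one, on the receiving end of other people's bounces, is to tag every envelope sender it really uses with a keyed, dated signature, and to accept bounces only for addresses that carry a genuine tag. The following is an added example written for this page, not code from the Zyra site; the tagging scheme is modelled on Bounce Address Tag Validation (BATV), a technique the page itself does not mention, with the tag layout simplified, and the key, dates and example.net addresses are constructed for illustration.

```python
# Added example (not from the page): BATV-style tagged return paths, so bounces
# for messages a site never sent can be refused at RCPT TO time.
import hmac
import hashlib
import re
from datetime import date

# Constructed secret for the example; a real deployment uses a per-site key.
SITE_KEY = b"constructed-example-key"
VALID_DAYS = 7  # a tagged address accepts bounces for this many days after signing


def _day_number(d: date) -> int:
    """Days since the Unix epoch, modulo 1000, so it fits a 3-digit field."""
    return (d - date(1970, 1, 1)).days % 1000


def _tag_hash(expiry_day: int, address: str, key: bytes) -> str:
    """Six hex chars of an HMAC over the expiry day and the untagged address."""
    msg = f"{expiry_day:03d}{address}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:6]


def sign_return_path(address: str, today: date, key: bytes = SITE_KEY) -> str:
    """Rewrite user@domain into prvs=DDDhhhhhh=user@domain for use as MAIL FROM.

    DDD is the expiry day (mod 1000) and hhhhhh the keyed hash over it and the
    address, so a spammer cannot mint a valid tag for an address they invent.
    """
    local, domain = address.split("@", 1)
    expiry = (_day_number(today) + VALID_DAYS) % 1000
    tag = f"{expiry:03d}{_tag_hash(expiry, address, key)}"
    return f"prvs={tag}={local}@{domain}"


_PRVS = re.compile(r"^prvs=(\d{3})([0-9a-f]{6})=([^@]+@.+)$")


def verify_return_path(tagged: str, today: date, key: bytes = SITE_KEY):
    """Return the untagged address if the tag is genuine and unexpired, else None."""
    m = _PRVS.match(tagged)
    if not m:
        return None  # plain address: this site never used it as a sender
    expiry, given, original = int(m.group(1)), m.group(2), m.group(3)
    if not hmac.compare_digest(given, _tag_hash(expiry, original, key)):
        return None  # forged or altered tag
    # Days remaining until expiry, modulo 1000; accept while 1..VALID_DAYS remain.
    remaining = (expiry - _day_number(today)) % 1000
    if remaining == 0 or remaining > VALID_DAYS:
        return None  # expired (or a day value that could never have been issued)
    return original


def rcpt_to_response(mail_from: str, rcpt_to: str, today: date,
                     key: bytes = SITE_KEY) -> tuple[int, str]:
    """SMTP reply to a RCPT TO command.

    A bounce arrives with a null envelope sender. Such a message is accepted
    only if the recipient carries a tag we issued; anything else is refused
    in-session, so the connected server, not an innocent third party, sees
    the failure. Ordinary mail with a real sender is unaffected.
    """
    if mail_from in ("", "<>"):
        if verify_return_path(rcpt_to, today, key) is None:
            return 550, "5.7.1 Bounce for a message this site did not send"
    return 250, "OK"


if __name__ == "__main__":
    today = date(2004, 3, 15)  # constructed date, echoing the page's March 2004 flood
    outgoing = sign_return_path("webmaster@example.net", today)
    print("MAIL FROM:", outgoing)
    print("bounce to tagged address:", rcpt_to_response("", outgoing, today))
    print("bounce to invented address:",
          rcpt_to_response("", "xq7random@example.net", today))
```

Outgoing mail is sent with `sign_return_path(...)` as its envelope sender; replies and genuine bounces come back to that tagged address and `verify_return_path` recovers the real mailbox. A bounce addressed to any untagged name at the domain, which is exactly what the spoofed spam run produces, is refused with a 550 before the message body is even offered.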

Another thing that can be done is for everyone to understand that this goes on. If you receive a silly message, don't assume the sender-address is correct. It might be a cruel joke at someone else's expense. Also, if you receive a message pretending to be from Microsoft or from your bank, or from the Chief Bank Manager of Nigeria, don't be fooled!

Also see Bank Hoaxes, the Nigeria Scam, and messages from Microsoft

The worldwide e-mail system needs some redesigning to fix this problem, because if this kind of thing continues, sooner or later someone's going to get hurt.


Update: In December 2006, the International Net still hadn't been updated to cope with this spoofing nonsense, and so now Zyra .NET has received loads of bounced spam messages caused by the actual senders faking up the "sender" to look like the ridiculous messages came from here. Interestingly, this hasn't exactly made the header-forging spam scamsters more popular here, and I suggest more strongly Never Buy From Spam. With a bit of an extra push we might be able to put them out of business. It's not as if they are doing that well at present, with only one click per 2,500 messages (source: cautionary tale of sending spam). Also notice the poor quality of spam lines - that tells you something about the level to which the market has already sunk!

Update 2012: Also note that the types of scamsters that use spoofing typically also use drop-boxes for the punters to reply to. This is their weak point, and by knowing about it you can hit back at the scamsters. They don't like that!