Wednesday, January 4, 2017

How Is This Spoofing Done?

I just received another letter from my mother. Since I am quite sure there are no PCs in Heaven (but perhaps in Hell), I looked carefully at the sending address:
Edna Cramer
That is not, and has never been, my mother's email address.  How do they fool Thunderbird into putting my mother's name there?

3 comments:

  1. The "To:" header can contain a name in addition to the actual email address. View the full headers of the message and see what they did.

  2. As I understand it, the header includes full sender information, such as:
    "From: "First Last" "

    No spoofing required, just parsing what's provided.

  3. If you have access to an SMTP server, you can do pretty much whatever you want.

    Install a mail server on a Linux box. You can use telnet to connect on port 25 to send yourself a message. Hit the Google to see how to do it. The commands are simple. Make sure there's no routing to it from the internet, though it'll need outgoing access. I've never done this with authentication enabled, so I don't know how that works. An open relay will be fine as long as outsiders can't get to it, otherwise you'll be sending out v1@gra spam before you know it.

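
What the first two comments describe, shown as an added example that is not part of the original post or its comments: the From header carries a free-text display name next to the actual address, so a familiar name can sit beside an unfamiliar address. This Python sketch parses the sender headers of a constructed message and flags that mismatch; the address book, the sample message and every address in it are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses the recipient trusts.
KNOWN_CONTACTS = {"edna cramer": {"edna@family.example"}}

# Constructed sample message; every address here is a placeholder.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
From: "Edna Cramer" <x9k2@unrelated.example>
Reply-To: offers@another.example
To: son@home.example
Subject: hello

body
"""

def check_sender(raw, contacts=KNOWN_CONTACTS):
    """Return a list of findings about the sender headers of one message."""
    msg = message_from_string(raw)
    # parseaddr splits '"Name" <addr>' into its two independent parts.
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    trusted = contacts.get(name.strip().lower())
    if trusted is not None and addr not in trusted:
        findings.append(
            f"display name {name!r} is a known contact, but {addr} is not their address")
    # A display name that itself looks like an address can hide the real one.
    if "@" in name and name.strip().lower() != addr:
        findings.append(
            f"display name {name!r} looks like an address but differs from {addr}")
    # Differing domains are a signal to look closer, not proof of forgery:
    # legitimate bulk senders often use a separate bounce domain.
    from_domain = addr.rpartition("@")[2]
    for header in ("Reply-To", "Return-Path"):
        other = parseaddr(msg.get(header, ""))[1].lower()
        if other and other.rpartition("@")[2] != from_domain:
            findings.append(f"{header} domain differs from From domain: {other}")
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print(finding)
```
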