Email Spoofing and How We Can Protect Ourselves

One of our clients posed this question to us as a comment on our post Updates to Netfirms SMTP Authentication.

This is a great question and deserves a detailed response. Spoofing is a widespread issue on the internet as is viruses and spam . Unfortunately, it is very difficult to control and eliminate these occurrences and no web hosting company is immune to this problem. For information about e-mail spoofing, please refer to this Email Spoofing article titled Understanding E-mail Spoofing. This article will explain the technical stuff behind it and also give you a simple example you can follow in order to replicate email spoofing. Even the White House is susceptible to email spoofing. If you have a computer you can do it.

Tracking Spoofed Emails

You can try to locate the origin of this spam through spam e-mail full headers:

• Get the spam full headers

1. 1. If you are using Outlook Express right-click the message and select ”Properties’ and ‘Details’
   2. If you are using Outlook, double-click to open the message you wish to check, then go to ‘View’ and ‘Options’. Right-click and copy the headers inside “Internet Headers” box

• Go to http://www.spamcop.net/anonsignup.shtml to sign up; log in information will be e-mailed to your e-mail address
• Once logged in “Click on “Report Spam” tab
• Paste the full headers in the text box
• Click “Process Spam” button
• An e-mail address will be generated; you can use this e-mail address to report a spam abuse

Here are some tips in minimizing spam/junk mail to your account or having your email account spoofed (spammers may send mail in such a way that the e-mail appears to have been sent from your email address):

Web Forms vs Displaying Your E-mail Address

1. Don’t publish your email address on your web pages but rather use web forms to receive email. If you wish to publish your email address, place it in an image. This way web crawlers cannot spider through your web pages and extract coding to get your email address

OR

2. If you prefer not to implement a web form the alternative is to display your e-mail address in such a way that web crawlers would be unable to crawl it. This can be accomplished by displaying your e-mail address via a javascript similar to the example below (replace yourname and domain.com accordingly):

In the head of the html file we call the external javascript file with this command

in fun.js we put this code

And we call the function by putting this in the body of the html

Safe-Guarding Your E-mail Address From The Public

3. Don’t submit your email address to public forums, mailing lists, newsletters, etc. Similarly don’t give out your business card that contain your email address to contests or draws as often the info. get submitted to marketing campaigns where any number of individuals may have access to your e-mail address information.

4. For POP clients, filter email into a “junk” or “spam” folder which can be configured to be auto-deleted.

For more information regarding e-mail spoofing, please visit the following URL:
http://www.google.com/search?hl=en&safe=on&q=+email+spoofing&btnG=Search&meta=