Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

E-mail impersonation/manipulation

Status
Not open for further replies.
Guest_imported

Guest_imported

New member
Joined
Jan 1, 1970
Messages
0
I have a question regarding e-mail. How feasible would it be for someone to create an e-mail with a message that did not actually come from me? And one was created, how would one find out where the e-mail came from? If the e-mail was a conversation, and the conversation had been edited or changed, does the e-mail host have a record of each e-mail transaction so that the original text of each e-mail response can be traced? Thank-you for your responses...
 
Sort by date Sort by votes
The KLEZ virus can do this quite easily and has done this to thousands of perople already. And no you can't not determine where the mail actually originated from which is the intention of the virus. joegz
"Sometimes you just need to find out what it's not first to figure out what it is."
 
Upvote 0 Downvote
If you look at the detail of headers there are various 'IDs' such as
[tt]
---------------------------------------
Return-Path: <notifyme@tecumsehgroup.com>
Received: from mailgate2.sover.net (mailgate2.sover.net [209.198.87.64])
by mailhub1.sover.net (8.11.6/8.11.6) with ESMTP id g8ICtOh27256
. . .
18 Sep 2002 08:55:25 -0400 (EDT)
Received: from mail.tecumsehgroup.com (mail.tecumsehgroup.com [216.45.19.20])
by mailgate2.sover.net (8.11.6/8.11.6) with ESMTP id g8ICtNV24624

. . .
Message-Id: <200209181255.g8ICtNV24624
[/tt]
-----------------------------------------

These can be used to trace the casual 'spoofer'.

How easy is it to do? Very easy.

e.g. Eudora &quot;automation&quot; If I make a file, spoof.msg
--------------------------------------------
[tt]
To: someone@somwhere.net
From: aUmana@Tek_Tips.com
Subject: Spoof Sample

How are you doing today? Attached is your Klez.
[/tt]
--------------------------------------------

And then ran Eudora with the Sppof.msg as a parameter, it would be placed in the Eudora outbox, not with my name as 'From', but yours, or anyone else I wished to assign it to.

&quot;From: Santa@NorthPole.Com&quot; is good for kids at certain times of the year.

Spoofing is very simple to do but it is not untraceable, to the best of my knowledge, as with the IDs and enough prowling through logs one can find out the actual originating dial-in or workstation/user.


-------------------------------------------

Finally, regarding e.conversations, copies of Emails are not 'generally' stored at ISPs, that would be a privacy violation.

In that case there is no way that I know of to prove content of a message from copies.

Messages generally are stored in corporate environments as they belong to the company, in the US at least.

9/11 may have changed that considerably, many more are likely being stored in various places but that probably will not help someone who claims they never sent a message.

&quot;Hello, NSA? Would you please send me a copy of that message I sent to Mary Lambkins at 3:00 this afternoon to prove it was not harassing?&quot;

I don't think so.

Many environments do not have the time, inclination or sometimes knowledge and skill to trace an Email source, so your claim lf &quot;I never sent that.&quot; is likely to fall on deaf ears.

If you suspect a person is stealing your email identity it would be a very good idea to start using digital signatures, at least.


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SitesMasstec
  • Locked
  • Question Question
Sending HTML e-mail
Replies
1
Views
612
SitesMasstec
SitesMasstec
MP2023
  • Locked
  • Question Question
Mail Server
Replies
0
Views
460
MP2023
MP2023
Abubakkar Siddik
  • Locked
  • Question Question
Migrating users from Mail Enable to Office 365
Replies
0
Views
526
Abubakkar Siddik
Abubakkar Siddik
bkoopers
  • Locked
  • Question Question
Turning off Tek-Tips email notifications
Replies
0
Views
507
bkoopers
bkoopers
johncp
  • Locked
  • Question Question
gmail stopped supporting mail clients signing with username and PW only
Replies
1
Views
1K
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top