CUSTOMER COMMENTS
"I just wanted to let you know that Chris was able to solve something that really helped me out today. It is quite difficult in the transition with our wacky legacy systems, but he didn't let that stop him. Very! much appreciated."
Email Spoofing:
“Why would they send me that?”
What would you think if you received an e-mail message from the CEO of a large corporation spouting hate speech? How about a virus from your mother? What about a request for your username and password from your online banking website? Or even a message from the White House?
Most likely, you have received a message with a "spoofed" e-mail address. E-mail "spoofing" is the act of altering an e-mail header so that it appears to have been sent by someone other than the actual sender. The main protocol used to send mail through the Internet (SMTP -simple mail transfer protocol) does not include a method of authentication.
Some spoofed messages are from hackers trying to cause outrage by sending a damaging e-mail apparently from a well-known person or organization. Others use spoofed messages to attempt to gather confidential information, sometimes directing the recipient to a web site to enter information. Viruses also spoof messages using e-mail addresses found on the infected computer. By using a real address (but not the one for the account sending the message) there is a greater chance that a recipient will open the infected message.
Spoofing generally isn't illegal because no hacking is required, FBI officials say, leaving prosecutors with little recourse unless there's a threat of death or violence involved. And finding culprits is tough -- after all, they are using someone else's identity. The purported senders then get angry replies -- along with e-mails returned as undeliverable because they went to bad addresses or full mailboxes. These returns are how individuals and groups learn they've been spoofed.
Spoofing will only get worse as kids, pranksters and fired employees discover its ease. Leapfrog believes spoofing underscores the need for greater cyber-literacy so Internet users can better sort fact from fiction. Little can be done to prevent it without completely reworking mail protocols, which were developed when the Internet was far smaller and more genteel.
For those who regularly send critical, confidential, or financial e-mail messages, email validation services are available through several different vendors, including Leapfrog. The subscription service, called Leapfrog SecureMail, serves as an alternate approach to purchasing and managing multiple email security appliances in-house and is designed to protect clients' email systems from Spam, Denial of Service attacks, viruses, worms, and the risks associated with sending unencrypted email messages.
Tools such as Pretty Good Privacy (PGP), also ensure that a message has not been altered in transit.
Click here to find out more about our spam protection solution, Leapfrog SecureMail.
This article originally appeared in the July, 2003 issue of FrogTalk.
HOME | WHY LEAPFROG | SOLUTIONS | RESOURCES | CONTACT US
 |
 |
 |
A Member of TAG The Technology Association of Georgia |
© 2001-2008 Leapfrog Services Inc. 1605 Chantilly Drive, NE Atlanta, GA, 30324 |