|
-
August 30th, 2005, 07:40 PM
#1
Sending an email from a fake address
Hi everyone,
I'm sorry, but I have forgotten the proper term for this. I remember using an online shell account to do this, but basically what it is is sending an email but as if it were from another address. In the attachment provided, I have inputted my email address into the online forums I maintain - and whenever a group email is sent out, it comes from my address (yet I never inputted my password). I'm pretty sure it's just altering the email's header, but I really can't remember how I ever did it. I'm just interested, and would like to find out more about the topic. 
Also, isn't that a really easy way to scam? I mean, if you found out someone's email address, you could send some pretty horrible things as if they were from that person rather than yourself. I know that your IP address could be traced and stuff, but it's still quite dangerous, isn't it?
Thanks!
-
August 30th, 2005, 07:47 PM
#2
It's called spoofing and it's a very simple thing to do. It can be an easy way to scam especially when digital signatures and message signing aren't in use.
Alot of mail applications and api's will allow you to send email with whatever you like in the 'from' field.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
August 30th, 2005, 08:03 PM
#3
Also, isn't that a really easy way to scam? I mean, if you found out someone's email address, you could send some pretty horrible things as if they were from that person rather than yourself. I know that your IP address could be traced and stuff, but it's still quite dangerous, isn't it?
Pick a couple random pieces of spam, cut and paste the header into Sam Spade's email parser and you will see they are all forged, and maybe the one from your girlfriend asking for you debit card PIN is too . . .  . Its just a weakness of SMTP.
Read more here :
http://www.cert.org/tech_tips/email_spoofing.html
And at a plethora of other googleicious links.
-
August 30th, 2005, 08:31 PM
#4
Ahh...email spoofing! Thank you Juridian for that extra bit of info, and hesperus for the link to that email parser! Actually, I filter my email pretty heavily, so I hardly ever get any junk mail!
So I guess that's the problem with web based email accounts - (most of the time) you can't use digital signatures or other methods of security. And do mail programs really allow you to change the "From" field? Hm, I guess I don't use them often enough! Hehe!
Talking about email apps, I'm pretty sure Google allows POP3 and SMTP access via external programs...Thunderbird here I come! Anyway, thanks guys for that info! 
-
August 30th, 2005, 08:43 PM
#5
Originally posted here by J_K9
So I guess that's the problem with web based email accounts - (most of the time) you can't use digital signatures or other methods of security. And do mail programs really allow you to change the "From" field? Hm, I guess I don't use them often enough!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Actually, that's not quite correct. A digital signature is tied to a
name and or address, but it can still be used with an email web form.
This post, for example, has been digitally signed by my PGP key (for
email...so it's in *violation* of its intended use...not really
accurate, but the right idea.) You can use some digital signatures
and some applications with webmail, depending on the applications and
cert's you are using.
The problem with spoofing email is exclusive to a digital signature.
It is common practice for some listserv's and forums to send
announcement "from you" based on your account. In reality, as
*Juridian* and *Hesperus* have said, the From address is
spoofed...but not necessarily with the intent to defraud...just to
make things conform with their idea of how it should be done.
What digital signatures can do is help a recipient verify the sender
is legitimately who they claim to be, regardless of "From"
address...although this is more involved than I will go into here.
To learn more, keywords to search on would be "pki" which stands for
"Public Key Infrastructure", "digital certificate", and
"nonrepudiation" might even get you some good hits. I bet there's a
PGP tutorial; if not, I'll get busy writing.
Hope this helps some more.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBQxS2scl4AKdBhwmpEQJnHwCeLyl7U6ETQQztqJr9DS+fYXeHaaoAoLfn
5+tyKya2jgPprvHq10idKxVa
=8Ksy
-----END PGP SIGNATURE-----
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
August 31st, 2005, 12:14 AM
#6
Thanks zencoder for that! I really appreciate it! I'm now going to go and look up some of the stuff you mentioned... I've used PGP before to encrypt files and stuff, but I've never really understood Public Keys and what on earth they were (although that's slightly different! Hehe!). Well, now's my time to learn about them, digital signatures, and everything else mentioned! Thanks again!
-
September 1st, 2005, 05:25 PM
#7
Member
Zencoder a tutorial would help alot of people including me .
Since there are so many PGP programs outthere and the Public key confuses alot of people.
-
September 1st, 2005, 06:22 PM
#8
One of the best explanations of how public private keys work was from a citrix Training session I took years ago.
Goes like this (All from memory so it might not be exact)
Jim wants to ask Sally to the dance on Friday.
Jim and Sally only share one class (math) and Billy sits between Jim and Sally. Billy "likes" Sally - no love lost between Jim and Billy
So during math, Jim puts his open pad lock in his lunch box and asks Billy to pass is to Sally.
Billy opens the lunch box, sees the open lock, and continues to pass it on to Sally.
Sally opens the lunch box, puts her open pad lock in and locks the lunch box with Jim's pad lock. Then passes the box back through Billy to Jim.
Jim opens the lunch box (now locked with a pad lock that only he has the combo to) puts in his open pad lock and a note asking Sally to the dance. Then he locks the lunch box with Sally's pad lock and passes it back through Billy.
Sally opens the lunch box, writes her answer, puts in her open pad lock, locks the lunch box with Jims lock and passes it back to Jim.
Jim opens the lock, reads the reply, puts Sally's open pad lock back in the lunch box and passes back to Sally. On the way back, Billy looks in the lunch box and sees the open lock then gives the lunch box to Sally.
Sally takes out her lock and passes the empty lunch box to Jim - Which, of course, Billy looks in on the way to Jim.
edit: pasting from word did a double entry. ???
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
September 1st, 2005, 11:06 PM
#9
thats suppoused to be an easy description oO
-
September 2nd, 2005, 12:54 AM
#10
Member
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
