Trending :Website
Update is in progress

WHAT IS EMAIL ?

Email "(Electronic Mail)" is the exchange of computer-stored messages by telecommunication. Email messages are usually encoded in American Standard Code for Information Interchange (ASCII) text. However, you can also send nontext files -- such as graphic images and sound files -- as attachments sent in binary streams.

Today's email systems are based on a store-and-forward model. Email servers accept, forward, deliver, and store messages. Neither the users nor their computers are required to be online simultaneously; they need to connect, typically to a "Mail Server" or a "Webmail Interface" to send or receive messages or download it.

Email is one of the protocols included with the Transport Control Protocol/Internet Protocol (TCP/IP) suite of protocols. A popular protocol for sending email is Simple Mail Transfer Protocol (SMTP), and a popular protocol for receiving it is Post Office Protocol 3 (POP3).

Email was one of the first activities performed over the internet and is still the most popular use. A large percentage of the total traffic over the internet is email. Email can also be exchanged between online service provider users and in networks other than the internet, both public and private.

WHAT IS EMAIL SPOOFING ?

Email spoofing is the fabrication of an email header in the hopes of duping the recipient into thinking the email originated from someone or somewhere other than the intended source. Because core email protocols do not have a built-in method of authentication, it is commonplace for spam and phishing emails to use said spoofing to trick the recipient into trusting the origin of the message.

The ultimate goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation. Although the spoofed messages are usually just a nuisance requiring little action besides removal, the more malicious varieties can cause significant problems, and sometimes pose a real security threat.

As an example, a spoofed email may purport to be from a well-known retail business, asking the recipient to provide personal information like a password or credit card number. The fake email might even ask the recipient to click on a link offering a limited time deal, which is actually just a link to download and install malware on the recipient's device.

One type of phishing – used in business email compromise – involves spoofing emails from the CEO or CFO of a company who works with suppliers in foreign countries, requesting that wire transfers to the supplier be sent to a different payment location.

REASONS FOR EMAIL SPOOFING:-

Denial-of-service Attacks: Although most well-known for Phishing P urposes. Yet, there are actually several more reasons for spoofing sender addresses.

  • Hiding the sender’s true identity
    though if this is the only goal, it can be achieved more easily by registering anonymous mail addresses.
  • Avoiding spam blacklists
    If a sender is spamming, they are bound to be blacklisted quickly. A simple solution to this problem is to switch email addresses.
  • Pretending to be someone the recipient knows,
    in order to, for example, ask for sensitive information or access to personal assets.
  • Identity Theft
    Sending messages in someone’s name can also be used to commit identity theft, for example, by requesting information from the victims financial or healthcare accounts.

    • Using Email Spoofing as of in phishing, Hacker's goal could be to get their targeted victims to:
  • Provide personal or financial information;
  • Turn over intellectual property and other proprietary information or data;
  • Perform a wire transfer or another electronic transfer of funds;
  • Provide login information or other user credentials;
  • Download a file from an email that contains Malicious software; and/or
  • Click on a malicious link.

    • HOW DOES EMAIL SPOOFING ATTACK WORKS :-

    Email spoofing is the creation of email messages with a forged sender address.

    Email spoofing is when the sender of the email forges (spoofs) the email header's from address, so the sent message appears to have been sent from a legitimate email address.

    "Email spoofing is possible because the Simple Mail Transfer Protocol (SMTP) does not provide a Mechanism for Address Authentication"
    Working of EMAIL Spoofing Attacks Contrary to what some non-tech users may believe, emailspoofing isn’t black magic. It’s not some hugely complicated task. It’s actually a very simple process that involves making email headers look like they’re coming from one person or organization when they’re really coming from another.

    The easiest way to spoof mails is for the attacker finds a mail server with an open SMTP (Simple Mail Transfer Protocol) port. SMTP lacks any authentication so servers that are poorly configured have no protection against prospective cyber criminals. It’s also the case that there is nothing stopping a determined attackers from setting up their own email servers. This is very common in In cases of CEO/CFO fraud. Attackers will register domains easily confused for the company they are impersonating, where the email is originating from – e.g. “@exarnple.com” instead of “@example.com”. Depending on the formatting of the email, it might be extremely difficult for a regular user to notice the difference.

    Although email spoofing is effective in forging an email address, the IP address of the computer sending the mail can generally be identified from the "Received:" line in the email header. This is frequently due to an innocent third party becoming infected by malware, which hijacks the system and sends emails without the owner even realizing it.

    *Tutorial for performing EMAIL Spoofing..

    PROTECTIONS AGAINST EMAIL SPOOFING:-

    PROTECTIONS AGAINST EMAIL Spoofing Attacks The email protocol SMTP (Simple Mail Transfer Protocol) lacks authentication, it has historically been easy to spoof a sender address.

    As a result, most email providers have become experts at detecting and alerting users to spam, rather than rejecting it altogether. But several frameworks have been developed to allow authentication of incoming messages:

  • SPF (Sender Policy Framework):
    This checks whether a certain IP is authorized to send mail from a given domain. SPF may lead to false positives, and still requires the receiving server to do the work of checking an SPF record, and validating the email sender.

  • DKIM (Domain Key Identified Mail):
    This method uses a pair of cryptographic keys that are used to sign outgoing messages, and validate incoming messages. However, because DKIM is only used to sign specific pieces of a message, the message can be forwarded without breaking the validity of the signature. This is technique is referred to as a replay attack.

  • DMARC (Domain-Based Message Authentication, Reporting, and Conformance):
    This method gives a sender the option to let the receiver know whether its email is protected by SPF or DKIM, and what actions to take when dealing with mail that fails authentication. DMARC is not yet widely used.

    • "To effectively stop forged email being delivered, the sending domains, their mail servers, and the receiving system all need to be configured correctly for these higher standards of authentication."

    Final Words:

    Unfortunately, as much as I’d like to say that emailspoofing is set to become a thing of the past, it’s not. Cybercriminals are always coming out with new ways to scam people and businesses into providing money and the most valuable currency of all: information. Whether it’s your personal or financial information — or that of your customers — it’s imperative to do everything within your power to keep it out of the hands of cybercriminals. But at least there are things that you can do to protectyourself and your business from the dangers of spoofed emails.

    Resources & References:

    WikiPedia.ORG , BARRACUDA.COM ,

    About Author :


    Mittal Kapdiya

    Mittal Kapadiya has well skill and experiences in Android & Web Application development. she has excellent catch on Python and various OS (Linux, Ubuntu & Windows ). She's so keen in Ethical Hacking and System Security Aspects and have good knowledge in it. Currently she's pursuing Masters in CYBER Security and is an active blogger at CYBER4ALL.

    Top