What Is Spoofed Email And How Can You Identify It?
Randy Eadon
November 13, 2008
No one likes to get email messages that are false, such as when the information about the sender has been altered. Altering the "to: and from:" information in an email header is known as "email spoofing." Malicious users, especially spammers and password phishing schemes, often utilize spoofed email messages. However, because messages are disguised, it's often tough to spot spoofed email, and even more difficult to find out where it might be coming from. Here are a few tips on how to identify spoofed email and potentially stop it using reverse email lookups.
Spoofed emails are most often those that appear suspicious to begin with. Unsolicited sales messages, especially those of a lewd manner, are frequently spoofed. If a message appears to be from a trusted source (such as your network administrator), but encourages you to divulge private information or requests money, that's also a good sign that you're dealing with spoofed messages. If you think a message might be spoofed, take a look at the full email headers. These codes tell computers where an email is from, where it's going, and the route it has taken to get there. Spoofers trick computers into thinking the messages come from different places by altering email headers. In the headers you should see the phrase "Received: from" which should be followed by an IP address. Below this you should see "by" and another IP address. Each time this occurs in the headers should represent one computer that relayed the message. Make sure that the IP address matches up, that the next one on the "by" line is the same as the one on the "from" line on the next lowest listing. If these numbers don't match up, that's a sure sign that you're dealing with spoofed email.
Now that you know that the email address is spoofed, you might be able to learn more about where the message is from by using reverse email lookups. Reverse email lookups, some of which are free, are resources that let you search for information about mysterious email addresses. Of course, if you think the message is spoofed, you might not want to search for the address given in the "from" line. Instead, check to see what address is listed in the "reply to:" line. This address is more likely to refer back to the person who sent the message, especially in sales messages. While this method isn't fool proof, it can help you get started in your search to learn more about email spoofing.
So, if you need to find out who owns an e-mail address, this is a good way to find out whether or not that address was spoofed. Using these methods, you're one step closer to finding the information you need.
Spoofed emails are most often those that appear suspicious to begin with. Unsolicited sales messages, especially those of a lewd manner, are frequently spoofed. If a message appears to be from a trusted source (such as your network administrator), but encourages you to divulge private information or requests money, that's also a good sign that you're dealing with spoofed messages. If you think a message might be spoofed, take a look at the full email headers. These codes tell computers where an email is from, where it's going, and the route it has taken to get there. Spoofers trick computers into thinking the messages come from different places by altering email headers. In the headers you should see the phrase "Received: from" which should be followed by an IP address. Below this you should see "by" and another IP address. Each time this occurs in the headers should represent one computer that relayed the message. Make sure that the IP address matches up, that the next one on the "by" line is the same as the one on the "from" line on the next lowest listing. If these numbers don't match up, that's a sure sign that you're dealing with spoofed email.
Now that you know that the email address is spoofed, you might be able to learn more about where the message is from by using reverse email lookups. Reverse email lookups, some of which are free, are resources that let you search for information about mysterious email addresses. Of course, if you think the message is spoofed, you might not want to search for the address given in the "from" line. Instead, check to see what address is listed in the "reply to:" line. This address is more likely to refer back to the person who sent the message, especially in sales messages. While this method isn't fool proof, it can help you get started in your search to learn more about email spoofing.
So, if you need to find out who owns an e-mail address, this is a good way to find out whether or not that address was spoofed. Using these methods, you're one step closer to finding the information you need.
Print
Email
