More specifically, email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it was actually sent from another. Similar to phishing, email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).
Attention Webmasters: Examples of spoofed email that could affect the security of your Web site include:
- email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this;
- email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information.
If your Web site provides email services to your user community, your users are vulnerable to spoofed or forged email. Email is easy to spoof because SMTP lacks authentication. If a site has configured its mail server to allow connections to the SMTP port, anyone can connect to that port and (in accordance with the protocol) issue commands that will send email that appears to be from the address of the individual's choice. That address can be either a valid email address or a fictitious address that is correctly formatted. In addition to connecting to the SMTP port of a site, a "spoofer" can send spoofed email via other protocols (for instance, by modifying their Web browser interface).
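A defensive check that follows from the point above, added here as an example and not part of the original entry: because the sender chooses the From address, a receiver can compare its domain with the Return-Path (the envelope sender recorded by the receiving server) and Reply-To headers. The sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail): the visible From address claims
# to be a local administrator, but the envelope sender recorded in Return-Path
# and the Reply-To address point to other domains.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "System Administrator" <admin@example.com>
Reply-To: helpdesk@example.org
To: user@example.com
Subject: Change your password today

Your account will be suspended unless you change your password.
"""

SAMPLE_CONSISTENT = """\
Return-Path: <admin@example.com>
From: "System Administrator" <admin@example.com>
To: user@example.com
Subject: Maintenance window

The mail server will be restarted on Saturday.
"""


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or None."""
    if not header_value:
        return None
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def spoofing_indicators(raw_message):
    """List reasons the From header disagrees with other sender headers."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    if from_domain is None:
        return ["From header missing or has no domain"]
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other is not None and other != from_domain:
            findings.append(f"{header} domain {other} != From domain {from_domain}")
    return findings
```

A mismatch is a triage signal rather than proof of forgery, since bulk-mail services legitimately use a different envelope domain.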
NetLingo Classification: Technical Terms