I need a link that articulates email spoofing
December 3, 2013 2:27 PM

I have an aunt-in-law who has been forwarding me junk emails she has received from a random email address with my name as the title. I've tried to explain to her that this is likely junk from her computer's infection, not mine. Can someone send me a link that explains how that works in a simple way for someone of her limited understanding?
posted by miss tea to Computers & Internet (10 answers total) 1 user marked this as a favorite
Just explain to her that email works just the same as a handwritten letter. If I write your aunt-in-law a letter and sign it 'Barack Obama', and then put the White House as the return address on the back of the envelope, it doesn't mean that it came from the President.

Email spoofing is the same as forging a signature and return address, as far as a non-technical explanation goes.
posted by pipeski at 2:44 PM on December 3, 2013 [1 favorite]

And actually, what you're talking about isn't 'spoofing' as such. Spoofing is when they send an email that appears to come from your email address. Just using your name is a sort of half-assed semi-spoof.
posted by pipeski at 2:47 PM on December 3, 2013

Response by poster: I've tried explaining it to her, with no positive results. I'm hoping to find a basic link that she will understand.

Thanks for the clarification. Is there a "correct" term for a use of my name but not my email? And am I correct in thinking her computer or one of the other members of the family's computer got infected?
posted by miss tea at 2:55 PM on December 3, 2013

In general this is called a joe job. I don't know of a special name for using someone's name but not their email address in a joe job.
posted by grouse at 3:02 PM on December 3, 2013 [1 favorite]

It may be coming from your computer... It's a little hard to tell. Do you have an example of an actual email in .eml format? You need to look at the email headers to see how the email is being spoofed.

It seems rather unusual that if it's your aunt's computer that is infected, the email addresses are only in your name... or is she "receiving" spammy emails from everyone in her address book or list of contacts?

If she is receiving spammy emails from everyone, the problem almost certainly resides on her machine.

If it's just you, then something may be sending out emails in your name. Did the email come from a webmail account? My old Yahoo emails (set up more than a decade ago) sometimes get cracked and Russian spammers send out emails to everyone on the list.
posted by KokuRyu at 3:03 PM on December 3, 2013

Response by poster: The header is not from my computer or webmail account. The sender domain is Italian (vodafone.it).

I did double-check by rerunning Symantec Antivirus on both of my computers.
posted by miss tea at 3:12 PM on December 3, 2013

Best answer: Does she have an account on Facebook (or other social media) whose friends list is open to the world? I've been getting a lot of spammy emails whose address is a random string but whose name is one of my friends; I presume the same is happening to people I know. Even if your friends list is closed, it becomes visible if someone sends a friend request--even if you don't accept it.

So: spambot sends a friend request, sees your list of friends' names, then uses their names to spam you and vice-versa. Since the email appears to come from your friend, you're more likely to open it and click on the link inside, even though the originating email address is not your friend's actual address (especially if your mail program hides the actual address).

I don't know for sure that someone is doing this, but it seems likely.

As for the original question: if she doesn't get the White House/Barack Obama analogy, it's not clear that she'll get anything. Maybe that's my end-of-semester cynicism talking, though!
posted by brianogilvie at 3:19 PM on December 3, 2013 [2 favorites]
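An added example, not part of any poster's answer: a header check of the kind KokuRyu suggests running on an .eml file, aimed at the pattern brianogilvie describes (a familiar display name on an unfamiliar address). The sample message, the address book and the `analyze` helper are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name, host and address here is made up.
SAMPLE_EML = """\
Return-Path: <x9k2q@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example; Tue, 3 Dec 2013 14:01:07 -0500
Received: from unknown (HELO relay.example.net) (198.51.100.23)
\tby mx.recipient.example; Tue, 3 Dec 2013 14:01:05 -0500
From: "Alice Example" <x9k2q@mailer.example.net>
To: aunt@recipient.example
Subject: Alice Example

http://link.example/
"""

# Hypothetical address book: display name -> the address that person really uses.
KNOWN_CONTACTS = {"alice example": "alice@alice-domain.example"}

def analyze(raw, contacts=KNOWN_CONTACTS):
    """Separate the name a mail client shows from the addresses actually used."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    received = msg.get_all("Received", [])
    findings = []
    # A known contact's name on an address that is not theirs is the
    # "name but not the email address" case from this thread.
    expected = contacts.get(name.strip().lower())
    if expected and expected.lower() != addr.lower():
        findings.append("display-name-mismatch")
    # The envelope sender (Return-Path) can differ from the visible From domain.
    if envelope and envelope.split("@")[-1].lower() != addr.split("@")[-1].lower():
        findings.append("envelope-domain-differs")
    return {
        "display_name": name,
        "from_address": addr,
        "return_path": envelope,
        # Each relay prepends its Received line, so the last one listed is the
        # earliest hop. Lines added before your own provider's server can be forged.
        "first_hop": " ".join(received[-1].split()) if received else None,
        "findings": findings,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

To check a real message, save it as .eml and pass the file's text to `analyze` with an address book of the contacts' real addresses.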

When you send real email to her, do you use a signature?

If not, then start.

Tell her: "If the email doesn't end with the signature 'miss tea approves of this message' then it is not from me."
posted by jozxyqk at 3:34 PM on December 3, 2013 [2 favorites]

Response by poster: Yes, it must be the Facebook account. I had also wondered why she was emailing my gmail account (my fake/never check/public/registration email) rather than my personal email on my own domain. I will communicate that to her. Thanks.
posted by miss tea at 3:57 PM on December 3, 2013

If you have your own domain and access to a mail server, start sending her mail from herself, or the FBI or local police or the pope or Satan. Then maybe she can start to understand what you are talking about. Way back in the beginnings of the interweb my university allowed for unrestricted access to the SMTP mail server. We had a friend convinced that Bob Stark from the FBI was coming to pay him a visit due to some creative editing of headers and a phone message left on an answering machine. He was absolutely freaking out, but everyone had a hearty laugh once the prank was revealed.
posted by koolkat at 3:40 AM on December 4, 2013 [1 favorite]
