The American University in Cairo
School Of Business, Economics And Communication

1. What is email spoofing?

2. What can be done about it?

3. What can you do about it?


1.  What is email spoofing?

Email spoofing is practiced in order to cause embarrassment for the owner of the spoofed address, to veil the source of virus-laden emails or, often, to obtain sensitive information from spam recipients without revealing the identity of the spammer. Email address spoofing works by substituting the details in the ‘From’ field of an email with an address either guessed or harvested from one of many available repositories of valid email addresses (including the address books of virus-infected computers). Usually the address the email is being sent to is also gathered from such a source. Making such a substitution and sending the email is a relatively simple procedure; the spoofed email reaches its recipient because there are few points along the route an email takes at which the validity of the addresses can be checked, and the options for screening at these points are limited.

2.  What can be done about it?

To prevent spoofing, it is necessary to check the validity of email addresses at key stages along the path an email takes to its recipient. However, because email can be sent direct from a source computer to a recipient’s mail gateway, and because there are numerous ‘open’ email relays on the internet, it is currently impossible to prevent email addresses from being spoofed.
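One screening check that can be made at the receiving end, shown as an added example that is not part of the original page: compare the domain in the ‘From’ field with the envelope sender recorded in the Return-Path header and with any Reply-To address. The function names and the sample messages (all on placeholder example.* domains) are constructed for illustration; a mismatch is only a reason for suspicion, since mailing lists and forwarding services also produce it, and a match does not prove the sender is genuine.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); example.* domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "Accounts Team" <accounts@bank.example.com>
Reply-To: collect@other.example.org
To: user@example.edu
Subject: Please confirm your details

Body text.
"""

CONSISTENT = """\
Return-Path: <alice@example.edu>
From: Alice <alice@example.edu>
To: user@example.edu
Subject: Meeting notes

Body text.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def screen_message(raw):
    """Return a list of reasons the visible 'From' address deserves suspicion."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    if not from_dom:
        return ["From field has no parsable address"]
    findings = []
    # Return-Path is written by the receiving server from the envelope sender.
    env_dom = domain_of(msg.get("Return-Path"))
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender domain {env_dom} differs from From domain {from_dom}")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings


if __name__ == "__main__":
    print(screen_message(SPOOFED), screen_message(CONSISTENT))
```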


3.  What can you do about it?

It is impossible for any organization to prevent its email addresses being spoofed, but there are steps that email users can take to minimize the impact of spoofed email and spam.

  • Always treat email from people or organizations you do not know as suspicious, especially if the advertised benefit of reading the email or activating any attachments is attractive to you.

  • Consider whether the tone of the message or the language used is consistent with what you would expect of the organization or the sender.

  • Keep your computer protected with a reputable anti-virus package, and ensure you keep it up to date with the latest virus profiles.

  • Never give personal details or passwords out over the internet unless you have initiated the transaction and you are confident of the identity of the receiving party (for example by ensuring the transaction is encrypted).

  • Limit the number of sites on the internet at which you register your email address, and always make sure that any registrations you do make are with reputable organizations. This reduces the likelihood of your email address being harvested and hence being spoofed or appearing as the recipient in spoofed email.



Updated 16th January 2005