Email Spoofing and Prevention

Email spoofing may occur in different forms, but all have a similar result: a user receives an email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Examples of spoofed email that could affect the security of your site include:

  • Email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this.
  • Email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information.

Email spoofing can be done by one of the valid users on a domain or by users on external domains.


Cause

The basic SMTP protocol does not provide a mechanism to authenticate users. Since mail envelope addresses are so easy to fake, you can't know who is sending mail to your server unless you have a reliable means to authenticate clients. To allow mail relay on your server, you need assurance that senders are who they claim to be, as you cannot rely on the sender's email address as identification.


Solution

Prevention of spoofing by users on the same domain

Mithi Connect Xf is by default configured to accept only authenticated SMTP. SMTP authentication, along with the capability of rejecting SMTP connections with a sender login mismatch, ensures that within a domain, a user cannot masquerade as another without explicit permission.
A user can send mail either using a desktop email client such as Outlook/Thunderbird or via the web mail client.

When an SMTP connection is made from the desktop email client to the mail server, the server requests the user's credentials. These include the login id and password. These credentials are maintained by the client and communicated to the server over secure protocols. On receipt of the credentials, the server ensures:

  • That the user is a valid user for the domain and the entry is found in the domain directories.
  • The password supplied matches the password stored on the server.
  • The From id of the MIME (the format in which a mail is transferred) matches the user id given in the credentials.

If any of these tests fail, then the mail is rejected.
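
The From-id test above can be sketched as follows. This is an added example, not Mithi Connect Xf code: it assumes the password check has already succeeded, and the `ALLOWED_SENDERS` directory, the `check_sender` function and all addresses are hypothetical, constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical directory (constructed data): login id -> addresses the user
# may send as. "Explicit permission" is modelled as an extra entry.
ALLOWED_SENDERS = {
    "alice@example.com": {"alice@example.com"},
    "bob@example.com": {"bob@example.com", "sales@example.com"},
}

def check_sender(auth_login, envelope_from, raw_message):
    """Return (accepted, reason) for a message from an authenticated login."""
    allowed = ALLOWED_SENDERS.get(auth_login.lower())
    if allowed is None:
        return False, "unknown user"
    # The envelope sender (MAIL FROM) is client-supplied, so check it too.
    if envelope_from.lower() not in allowed:
        return False, "envelope sender mismatch"
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    addrs = getaddresses(from_headers)
    # Require exactly one From header holding exactly one mailbox; otherwise
    # the address a recipient sees may differ from the one that was checked.
    if len(from_headers) != 1 or len(addrs) != 1:
        return False, "ambiguous From header"
    _display_name, addr = addrs[0]
    # Compare the mailbox itself, never the display name: a display name
    # can contain any text, including someone else's address.
    if addr.lower() not in allowed:
        return False, "From header mismatch"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample submissions, all authenticated as bob@example.com.
    samples = [
        ("bob@example.com", "From: Bob <bob@example.com>\n\nhello"),
        ("sales@example.com", "From: Sales <sales@example.com>\n\nhello"),
        ("bob@example.com", 'From: "bob@example.com" <alice@example.com>\n\nhi'),
        ("bob@example.com", "From: bob@example.com\nFrom: alice@example.com\n\nhi"),
    ]
    for envelope, raw in samples:
        print(check_sender("bob@example.com", envelope, raw))
```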

A user connecting to the server using telnet to port 25, which is used for SMTP, will also need to supply the credentials before the SMTP transaction is completed.


[Chart: Business v/s Consumer Email Accounts (M) 2013-2017]

[Chart: Worldwide daily email traffic (B) 2013-2017]


Global Spam Statistics


What is an 'email spoof'? Is it a type of phishing attack?


Why Would Someone Fraudulently "Spoof" an Email?


How to recognize email spoofing (fake Emails)?


How to prevent email spoofing?


Steps to be taken if your mail identity has been spoofed

  • Report the spoofed mails to your Internet service provider and notify them through email.
  • Change your password immediately for all your other accounts.
  • Enable sender filtering.
  • Enable recipient filtering.
  • Further, do not respond to any mails from the forged mail ID which have personal information.
  • Regularly add spammers to the block list, by either their domain name or their email addresses, and keep the list updated.
  • Regularly check with your email service provider for security tips.