Email Spoofing - A Simple Explanation
by Nelson Pardee

Email spoofing is the forging of email so it appears to originate from someone/somewhere other than the source. An analogy from postal mail would be to use a fake return address on the envelope. Why spoof? Mainly, it's to hide the real sender and trick the recipient into reading and responding to mail they would otherwise ignore.

Viruses commonly use spoofing to propagate themselves. They scan address books on the infected computer, randomly selecting addresses to be used as "from" and "to" fields on outgoing infected email. So, if a virus infects a FLUTE list member's computer and you are in his/her email address book, it's possible the virus will send an email to you that appears to come from FLUTE. Equally disconcerting (or worse!), it may construct an email that appears to be sent to FLUTE by you!

Other kinds of spoofing include "phishing", which is email that purports to be from a legitimate business but directs you to a bogus web site. That web site might pretend to be a trusted entity (such as your credit card company) and ask you to enter your credit card number, bank account, national ID, or other personal information.

Thankfully, it is usually not possible to completely hide the originating computer. However, sorting that out often requires looking at the email's full headers, and deciphering full headers can be daunting unless you're pretty computer savvy.
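
To show what reading full headers involves, here is an added Python example (not part of the original article) that walks the "Received" lines of a constructed message and compares the visible "From" domain with the bounce address and the connecting host. The message, all addresses, and the names RAW, HOP, domain and trace are made up for illustration; it assumes the topmost "Received" line was written by the recipient's own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail); every name and address here is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop (unknown [198.51.100.7])
\tby mailer.example.net with SMTP id xyz789;
\tMon, 01 Jan 2024 10:00:00 +0000
From: "FLUTE List" <flute@list.example.org>
To: you@recipient.example
Subject: Please read

Hello
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving server>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def domain(header_value):
    """Lower-cased domain part of the address in a From/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace(raw):
    msg = message_from_string(raw)
    hops = []  # newest first: each server prepends its own Received line
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "hops": hops,
        # Assumption: hops[0] was written by the recipient's own server; older
        # lines were supplied by the sending side and can be forged.
        "trusted_ip": hops[0]["ip"] if hops else None,
        # A mismatch is a reason to look closer, not proof: mailing lists
        # and forwarders legitimately send with a different bounce domain.
        "mismatch": from_dom != rp_dom,
    }

if __name__ == "__main__":
    print(trace(RAW))
```

In the sample, the mail claims to come from list.example.org, but the recipient's server recorded a connection from 203.0.113.45 and the bounce address points at mailer.example.net.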

Email is like most other aspects of life - some "fakes" are out there, and we must learn to spot them. So if an email seems a bit "strange" or "unusual," take a closer look. It might be spoofed.
