June 23, 2005

I’ve been spoofed!

Move over spyware, there’s another annoyance on the rise

By Rick Dexter
Special to the Times

This morning I woke up to 142 new e-mails in my inbox. More than half were from the “postmaster” of various systems telling me that the e-mail I sent didn’t make it through because the recipient didn’t exist, or because there was a virus in the e-mail. Now, I hadn’t sent any of those e-mails, and I didn’t even recognize the original recipient on the majority of them. I had been spoofed.

E-mail sender spoofing is increasing dramatically, particularly over the past several months. Spoofing is basically sending an e-mail using a forged sender address. It’s like writing a letter and signing someone else’s name at the bottom. Spoofing a sender on an e-mail is as easy as signing a letter with another name.

Most of the recent flurry is caused by new viruses and techniques being used to get through spam filter software.
Viruses will go through address books and look at files on a system for any e-mail addresses it can find. The virus will then start sending out copies of itself to e-mail addresses in the collected list, and randomly spoof the sender address with other addresses from the list. This makes it much more difficult to track down the real source of the infected computer, and much more likely someone will open the virus because it looks like a legitimate e-mail from a familiar person. When those virus e-mails are received by mail servers, messages called “bounces” come back saying the e-mail is undeliverable or a virus was found. The bounces are sent back to the spoofed e-mail address, winding up in inboxes of people who never actually sent the original e-mail. Spammers use similar spoofing tactics, because they know they have a good chance of getting through your filter if they spoof the e-mail address of someone you already communicate with.

Many people have asked me if changing their e-mail address will make the problem go away. My answer is yes, but only for a little while. As soon as your new e-mail address circulates to your friends, the problem will come back, sometimes within days. You can use rules in most modern e-mail programs to search for certain recurring text in the bounces and delete them before you read them. Sometimes you can investigate the “Internet headers” of an e-mail message to trace it back to the real sender, but it requires a bit of technical know-how and often leads to dead ends. It’s only worth the hassle in high-volume cases. It’s usually much easier to delete the bounce message and move on to the next one.

The rapid increase in this problem should accelerate the adoption of technologies designed to prevent spoofing, but these technologies must be implemented on a wide scale to be effective. Businesses should consult their IT experts about implementing these technologies within their corporate mail systems. Individuals should contact their Internet Service Providers directly and ask what they plan to do about preventing spoofing. As more computer networks adopt these anti-spoofing technologies, it will help to eliminate virus, spam, and other huge problems.

Rick Dexter, founder and CEO of NDYNAMICS Network Professionals in Campbell, lives in Almaden. Dexter has over 25 years of experience designing and supporting computer networks, particularly for small businesses and startups seeking reliable and scalable IT infrastructure. If you have a computer question that you would like to have answered in a future column, e-mail it to computerconnection@ndynamics.com.