Talk:Email spoofing

DKIM is unclear

The article says that DKIM is a method to prevent email spoofing (fake return address), but the wikipage on DKIM says "DKIM signatures do not encompass the message envelope, which holds the return-path and message recipients." This indicates to me that DKIM does not offer any protection against spoofing. Please clarify. — Preceding unsigned comment added by 76.126.56.33 (talk) 04:07, 25 August 2013 (UTC)

Removal of content

I have reverted, again, removal of large slabs of content. If an editor considers that they should not be included in the article then please discuss it here, providing reasons for that view. Removal of significant content without proper discussion is considered vandalism and could result in a block. TerriersFan 03:42, 12 December 2006 (UTC)

It's not relevant to email spoofing

That content is about spoofing TCP sessions in general, so it belongs in another article. The person who made those reverts was actually improving the article. As you say, some discussion would have helped you understand the motive, but it wasn't vandalism even if done without discussion. Wholesale reverts are fine, and are not vandalism; they're being bold. Please assume good faith; it isn't helpful to make accusations of vandalism against users who have acted in good faith.

--82.40.166.183 12:16, 15 December 2006 (UTC)

I agree. The vast majority of this content has nothing to do with email spoofing. It is about TCP/IP, a much more low-level topic. Superm401 - Talk 18:08, 19 January 2007 (UTC)

How to solve this problem should be listed in the article.

Methods of resolving the problem once it appears should be listed in the article. Thanks. Softlavender (talk) 10:31, 10 December 2008 (UTC)

Legality

A discussion of legality would be interesting. I believe it's not illegal unless there is an attempt to obtain sensitive information. I won't add this to the article since I'm not sure. Wolfmankurd (talk) 02:39, 6 January 2009 (UTC)

Methods?

How is this done? The article mentions tools, but does not specify any. Sephiroth storm (talk) 04:23, 16 August 2009 (UTC)

Email hoaxes

Email hoax redirects here, but an email hoax doesn't necessarily use spoofing. Andrewa (talk) 18:34, 3 August 2010 (UTC)

This article is misleading and should be rewritten.

As this article is currently written it gives a false impression that e-mail spoofing involves some kind of "hacking". In reality it's no different from writing a false return address on a snail mail letter. There is no protection or authentication of any kind; the SMTP servers accept any valid address.--90.179.235.249 (talk) 04:15, 9 April 2011 (UTC)

Consequences?

I was looking to see what the consequences of spoofing might be, e.g. what security problems could arise from having been spoofed, but could not find any details in this article.

If anyone knows, can you please add them to this article?

Spoof victim 18.04.11 Lynnefn (talk) 15:02, 18 April 2011 (UTC)

I agree! If a worm is responsible for stealing addresses from an online address book, please give a hint of the names or categories of the worms, or if they are typically removed by anti-virus software. Poor Alice, in the example, seems to need to take action to stop the spoofing, but what action should Alice take? Should poor Alice be changing her mail password, or do something else? That would make this article more complete and clearer. Prairieplant (talk) 08:05, 11 June 2013 (UTC)

Seems to equate email spoofing with phishing

Email spoofing is no doubt used in phishing but phishing is far from an "explicit descriptor" of email spoofing. Vyroglyph (talk) 22:10, 19 April 2011 (UTC)

I was hoping this article would answer my question

The article says, "User1 triggers an e-mail address spoofing worm, and the worm finds the addresses user2@efgh.com, user3@ijkl.com and user4@mnop.com within the users e-mail address book."

User1 has those email addresses in his book? Now I received an email from one of my email addresses, and it said the email had been sent from me to other users in my address book for that email address. At the time it was sent, I was on a library computer which had given a message that it wasn't secure, but I interpreted this as being like when the man in charge of such things said something like, "That's a message which is trying to get us to pay for something we don't need to pay for."

He ran a scan after I told him what happened and never found anything wrong. I haven't found anything either (even though I opened the email on my own computer). I did, however, find the email in the sent folder of the address it was supposedly sent from.

Perhaps this is an example of something the article should cover. Vchimpanzee · talk · contributions · 19:30, 10 August 2011 (UTC)

Recent edits

Rohit.hacktify has just doubled down on two small changes which I'd reverted. It might help if I explain more clearly why I think these are wrong.

1.) The original wording in the intro says: "Because the core email protocols do not have any mechanism for authentication it is common for spam and phishing emails to use such spoofing to mislead..." - into which he inserts "such as valid SPF records and DMARC Protection". My issue with this is that it is the primary goal of this article to explain clearly what spoofing is and how it is possible - countermeasures are surely important but they are secondary.

2.) This text: "However, SPF is not enough as the best mitigation for Email Spoofing as attacker can still manage to send a fake email if the dmarc policy is not set to reject." Aside from the poor capitalization this is just completely out of place and unnecessary. We've already given the details and links to the SPF, DKIM and DMARC articles, noted that these are "effective systems are now widely used". Of course they'll not be effective if they're configured poorly.

BTW, I don't have an opinion on mailservers vs mail servers.

Reverting again. - Snori (talk) 22:29, 10 September 2019 (UTC)

@Snori: I hadn't seen this discussion when I rewrote the opening sentence. Does silence signify assent or at least acquiescence? --John Maynard Friedman (talk) 19:31, 5 September 2021 (UTC)

Domain name spoofing

FYI, I have created a disambiguation article Domain name spoofing since this is a generic term in common use. At present it contains IDN homograph attack, DNS spoofing and Email spoofing, as well as a see also of mitigation technologies. Please add any relevant articles. --John Maynard Friedman (talk) 18:22, 6 July 2021 (UTC)

Arising from discussion with an article reviewer, I moved the content of that article into Domain name, where it has its own section. Domain name spoofing redirects to that article and section. --John Maynard Friedman (talk) 19:28, 5 September 2021 (UTC)

Merger proposal

I propose to merge Business email compromise into Email spoofing. I think that this very short article describes a specific case of email spoofing, and that the topic is better described in that wider context. The Spoofing article is of a reasonable size that the merging of Business email compromise will not cause any problems as far as article size is concerned. Please comment here.--John Maynard Friedman (talk) 10:19, 5 September 2021 (UTC)

My plan is to copy the Business email compromise article exactly as is, to be an additional section in this article. --John Maynard Friedman (talk) 19:25, 5 September 2021 (UTC)

As no objections have been raised, I will go ahead with this merge. --John Maynard Friedman (talk) 17:21, 23 October 2021 (UTC)

Done --John Maynard Friedman (talk) 17:58, 23 October 2021 (UTC)