Email Spoofing - Getting Emails from Yourself
From time to time, we receive comments from clients that someone has managed to hack in to their
email accounts and send out emails to third parties.
This is actually not hacking activity but something known as email spoofing.
The emails are actually not coming from our server or our clients' domain, but made to look like so.
Let's say your domain is firstname.lastname@example.org - it is very easy for someone to create an email account with that name and send it from another server, although it is actually coming from elsewhere.
In fact if you think about it, it is just as easy for someone to forge a letter using your company name and post it to a third party.
On the other hand it is much more difficult to hack into a well-configured server. In most cases, people with such skills
would not waste their time hacking into your emails but rather into banks and payment systems.
There is simply bigger fish to catch, so to speak.
So why would someone do email spoofing using your domain name? There could be many reasons, eg :
- Pranksters who see it as fun
- Competitors who are trying to make you look bad
- Saboteurs who want to get your IP address blacklisted
- Phishing activities
So what do you do if you are a Victim of Email Spoofing?
If you really want to, you can trace the IP address and try to identify the source but it will be difficult to trace the actual culprit. Depending on the content of the spoof email, the recipient may just ignore it completely rendering the sender's efforts worthless.
If the email content is important, the recipient can always call you up to confirm especially if common sense says to do so. If there is phishing activity, it may involve criminal elements and you can always lodge a police report and let the appropriate authorities follow up.
For more details on email spoofing, please read the Wikipedia article here