Back to WHRO.org

  Getting Help
  System Requirements
  Access Numbers
  Software Links
  Terms and Conditions
  Spam & Spyware
  WHRO Web Express Mail
  Sign-up Now
  Podcasting Help
  Virus Alerts

Email "Spamming" and Email "Spoofing"

Two terms to be familiar with in these days of increased communication via electronic mail: email "spamming" and email "spoofing".

Email "spamming" refers to sending email to thousands and thousands of users - similar to a chain letter. Spamming is often done deliberately to use network resources. Email spamming may be combined with email spoofing, so that it is very difficult to determine the actual originating email address of the sender. Some email systems, including our Microsoft Exchange, have the ability to block incoming mail from a specific address However, because these individuals change their email address frequently, it is difficult to prevent some spam from reaching your email inbox.

Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source. Individuals, who are sending "junk" email or "SPAM", typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator.

Malicious Spoofing

There are many possible reasons why people send out emails spoofing the return address: sometimes it is simply to cause confusion, but more often it is to discredit the person whose email address has been spoofed: using their name to send a vile or insulting message.

Sometimes email spoofing is used for what is known as "social engineering", which aims to trick the recipient into revealing passwords or other information. For example, you get an email from what appears to be the LSE's email administrator, or from your ISP, asking you to go to a Web page and enter your password, or change it to one of their choosing. Alternatively, you might receive an email asking for detailed information about a project. The From field suggests that the message comes from the LSE, but instead it is from a competitor.

Dealing with a Spoofed Email

There is really no way to prevent receiving a spoofed email. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn't make any sense, then you may want to find out if it is really from the person it says it's from. You can look at the Internet Headers information to see where the email actually originated.

Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.

Displaying Internet Headers Information

An email collects information from each of the computers it passes through on the way to the recipient, and this is stored in the email's Internet Headers.

1. With the Outlook Inbox displayed, right-click on the message and click on the Options command to display the Message Options dialog box.

Internet Headers are best read from the bottom up, as they are added to as the email passes through the system.

2. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the email’s origin. The most important information follows the “Return-path:” and the “Reply-to:” fields. If these are different, the email is not who it says it’s from.