My Corner Online


What is that in my inbox! Spoofing



Article written 10/23/09.


Have you ever received a flurry of bounce notices for e-mails that you did not even send? And soon after, e-mails from people asking what it was that you sent them? Especially for those new to computers, this can be very scary.

This happened to me this morning. It has been a long time since it has happened to me, but I recognized it right away.

These messages are due to a worm. It is not a virus or a trojan. It is a worm and the worm, most often, is not even on your own computer! Yep, what it is doing is called "e-mail spoofing."

Here's more on spoofing.

When someone gets one of these worms, it will scan the entire inbox collecting every e-mail address it can find, whether in other e-mail messages or in the contacts. It chooses one of the collected addresses to be the "spoof" address. It places the spoofed address in the "from" field and proceeds to e-mail the message from the infected person's account to all of the other e-mail addresses. In other words, the messages go out from someone else's e-mail account with the appearance that they came from your e-mail account, because your e-mail address was "spoofed" in the headers.


So there is actually absolutely nothing you can do but ride it out until the person whose machine has the worm gets it fixed. Most often it only runs its course on you once.


Here is an example. You forward a message to Aunt Claire and 50 of your other best friends, including Uncle Jake. Aunt Claire and Uncle Jake do not know each other. Aunt Claire likes the message and leaves it in her inbox. Aunt Claire gets this worm and the worm chooses Uncle Jake's address to spoof. It sends out spam from Aunt Claire's account, appearing to come from Uncle Jake's e-mail address, to 50 of your other best friends and every other e-mail address it can find in Aunt Claire's inbox or contacts.

Uncle Jake will get the original message, appearing to have been sent to him by himself, along with bounced messages from accounts that are no longer active and bounced messages from Yahoo and Google Groups he does not belong to. Thereafter, he will get a flurry of e-mails from angry people he does not know (who happen to be your 50 best friends) wondering what the spam message was that they received.

Therefore, as you can see, Uncle Jake is guilty of nothing and is the victim because his e-mail address was chosen as the one to be spoofed. Aunt Claire is the guilty one, but she has no idea any of this is going on, so she does not know to clean her machine of the worm. Uncle Jake might be able to put two and two together to realize that it is all of your friends e-mailing him in anger, but all you are guilty of is putting too many people in the "to" field of your forwarded e-mail.
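
For readers comfortable viewing full message headers, here is a small Python check (an added example, not part of the original article) that Uncle Jake could run on the headers quoted inside one of his bounce notices to see that the message never passed through his own mail provider. The addresses, host names and the layout of the "Received" lines are made-up assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of the "original message" quoted inside a bounce
# that Uncle Jake received. All hosts and addresses are made up.
SAMPLE = """\
Return-Path: <jake@jakesmail.example>
Received: from mx.isp-a.example (mx.isp-a.example [203.0.113.7])
\tby mail.friend.example; Fri, 23 Oct 2009 08:15:02 -0400
Received: from claire-pc (dsl-24.isp-a.example [198.51.100.24])
\tby mx.isp-a.example; Fri, 23 Oct 2009 08:15:01 -0400
From: "Uncle Jake" <jake@jakesmail.example>
To: friend@friend.example
Subject: check this out
"""

# Assumed Received layout: "from HELO (RDNS [IP]) by SERVER; date".
HOP_RE = re.compile(r"from\s+\S+\s+\(\S+\s+\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>[^\s;]+)")


def check_bounce(raw_headers, my_address, my_provider):
    """Report whether a message using my address really entered via my provider."""
    msg = message_from_string(raw_headers)
    claimed = parseaddr(msg.get("From", ""))[1].lower()
    # Received headers are prepended, so the last one is the earliest hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    match = HOP_RE.search(hops[-1]) if hops else None
    accepted_by = match.group("by").lower() if match else ""
    via_mine = accepted_by == my_provider or accepted_by.endswith("." + my_provider)
    uses_mine = claimed == my_address.lower()
    return {
        "uses_my_address": uses_mine,
        "origin_ip": match.group("ip") if match else None,
        "accepted_by": accepted_by,
        "sent_via_my_provider": via_mine,
        # Early hops are written by the sending side and can be forged, so
        # treat this as a hint; hops stamped by servers you trust are firmer.
        "likely_spoofed": uses_mine and not via_mine,
    }


if __name__ == "__main__":
    print(check_bounce(SAMPLE, "jake@jakesmail.example", "jakesmail.example"))
```

The "Return-Path" in the sample also carries Jake's address, which is why the bounce notices land in his inbox rather than Aunt Claire's.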


This is why it is SO important to not forward e-mails to many people at one time. The more e-mail addresses in the "to" field of your message, the more e-mail addresses are sitting in someone else's inbox ready to be gathered, possibly spoofed, and hit with a spam message. Instead, use the blind carbon copy option to forward mass e-mails.

Then consider what happens if the e-mail you send with 50 addresses in the "to" field is forwarded to someone else with all of the addresses still intact. That forwarded e-mail could end up on who-knows-who's computer that gets a worm. Always delete e-mail addresses from messages you send as best you can.


Sometimes when you receive one of these e-mails and you mark it as spam, you unintentionally place your own e-mail address in the blocked list. When this happens, if you are in a Yahoo Group and sending messages, you will wonder why you are not receiving your own e-mails back from the group. You will need to go into your spam settings to find the list of blocked e-mail addresses and remove your own address from the list.

This is also another good reason why you may want to clear out the whole list of blocked addresses from time to time. If the address of someone you know was the spoofed one, you may actually be blocking them without knowing that you did it.


.....and so don't open and click on that e-mail you received from me today. Sigh.