What do
you mean I sent you a virus
Most of you have probably seen at least one message in the last few months that
says something about your message being undeliverable because it contained a
virus or perhaps an undesirable attachment. This message usually comes in
the form of a RE with a subject line that you don’t recall sending and claims
that the message was intended for someone that you probably don’t even know.
Welcome to the world of email address spoofing.
Email,
plain and simple
Email, from the internet point of
view, is a very old process. It was designed when people used ancient devices
known as TTYs or Teletypes. These are text only with a keyboard and
continuous role of paper all built together. People would type their email
message and send them. Back in those days, the computer programmers thought that
simple was good. They devised a simplistic protocol to transfer email. In
that protocol everything was sent as human readable text. The To
and From fields of an email actually are denoted by the strings “To” and
“From”.
| Sample
Email Header |
| Date: Mon, 13 Oct 2003
20:08:39 -0400 |
| From: Joe Sender <JoeS@somedomain.net"> |
| To: Fred Receiver <FReceiver@otherdomain.org"> |
| Subject: What does an
email header look like? |
|
Also in those days, there was no concept of worms and
viruses and people were looking toward a utopia with all people communing
together in harmony on the internet. No safeguards or security checks were
built into the email protocol. The sending program was on its honor to put
the correct address of the sender into the message. Well, fast forward! There are still little or no safeguards or security checks that are globally
accepted by the email protocol. The sender is still on its honor to put
the sending address in. Surprise! Worms put other people’s addresses into
the From field. This action is call spoofing. (You may also
see the word spoofing in other contexts such as IP address spoofing.)
So how
did that message get to me?
Most of the current email worms will scan a system
for email addresses. The addresses may be found in address books or even
in documents or deleted files on the disk. The worms will then attempt to send
themselves to every address that they locate. They will pick one or more
of these addresses at random to use as the From address. Many well
meaning email administrators have configured their systems to return a polite
message to a sender if the received message had a virus. They thought that
maybe the sender was unaware of their virus and this was a public service.
Well, it was for awhile. The current rash of email worms has turned that
intended kindness into an annoyance. Consider the person whose email
address is well known (in an address book) to a large number of people.
That person may receive hundreds of messages indicating that they sent a virus
to someone that they do not even know. Many of those same email
administrators are beginning to change their servers to not return emails about
detected viruses, because they now realize that there is no way to know where
the message really came from.
|
