Thread: Email Forging

What is email forging?

Having you been receiving returned, rejected or bounced emails that you never sent?

What is going on you ask????

A spammer or even your grandmother can use any email they want as the return email address for their outgoing emails. This is called email forging…It is very simple to do and impossible to stop.

How simple is it forge a return email?

Simply set up a new email in your outlook or outlook express...You can put any email you want in the from field and the receiver will think it is coming from them...

If you used the email GeorgeBush (@) WhiteHouse.gov as your forgery , the email will appear like it was sent by the prez. If your email bounces G.B. will receive it....( Please do not try this, it is fraud and can get you in very hot water, If you do try it, PLEASE do not use the above example as your test or you might get a visit)

Why you?, Why did the spammer pick your eMail to forge?

Why not?

Does not quite answer how unique names appear in the "from field" in the skant 2% or so of forged emails returned as invalid, though......

OK, Boss, maybe you have to spell it out for me then: If an email was so generally "forged" and was returned from an invalid email, our servers would reject that email address since the account email aliases are alias-specifc right back to the forger (and be in a loop of undeliverability, right?).

For instance, how would a forger know to set up as Bobby.deptmgr@mydomain.com if scoured from an account set up for "general" domain delivery? And why does email forged as a generic sales@mydomain.com come back to the only valid email address on an account (ceo@mydomain.com) as spam when the account is only allowed to deliver/accept email exactly as addressed?
Shouldn't it be undeliverable as well?

There is a main email set for every account. (thats what the default email address is). Any email sent to your domain that isn't valid, is automatically forwarded to the default address. This was most likely put in for when people make typos, like sending an email to suppotr@yoursite.com instead of support@yoursite.com

Well, not exactly.
When you set up your email client, you have that option to have a forwarder enabled (which would in fact process mis-spelled aliases along with generic or even missing alises) or to have a specific email alias only enabled.....meaning that even mis-spelled addresses would bounce back to sender.

The "default" you are trying to pin down is the Account itself (which is the Webmail utility - not the webmail for each domain, but the entire account), but that too is very address-specific. There is no allowance for that to occur.

Next?
Don't get me wrong! I am grateful for the round-table, as I want to end this nuisance ASAP, but musings and postulations are not the means to accomplish it.

Yes the default is for the account, but is connected to every domain on the account. It WILL pick up any email sent to any of your domains that isn't valid.

Originally Posted by Vasili

Does not quite answer how unique names appear in the "from field" in the skant 2% or so of forged emails returned as invalid, though......

OK, Boss, maybe you have to spell it out for me then: If an email was so generally "forged" and was returned from an invalid email, our servers would reject that email address since the account email aliases are alias-specifc right back to the forger (and be in a loop of undeliverability, right?).

For instance, how would a forger know to set up as Bobby.deptmgr@mydomain.com if scoured from an account set up for "general" domain delivery? And why does email forged as a generic sales@mydomain.com come back to the only valid email address on an account (ceo@mydomain.com) as spam when the account is only allowed to deliver/accept email exactly as addressed?
Shouldn't it be undeliverable as well?

Actually NO. All servers are set up to accept all bounced and rejected incoming emails that are domain specific. What the forger places before the @ sign is completely irrelevant. A forger does not have to know what your real email is and in most cases doesn’t. He uses generic words before the@ like support, sales , admin, info, postmaster, webmaster, etc…. If any of those bounce they will be routed back to you. This is set up this way by us, so you have a understanding of what is going on with your email.

OK.....then what you are actually saying is forgers in fact are not using our utilities to send (or skip from) nor are they using/abusing our band or contributing to our email counts.....they are merely using a forged "identifier" to attempt to bypass spam filters and appear more innocuous to ISP's they are penetrating (trying to deliver to), right?
This is where you say "Yes" very clearly once and for all.....LOL

Thanks for spelling it out for us (me), Boss. Once we have a final assurance, I am sure it will easier for us to deal with as SOP.

No, they don't have to sent it on the same server as the domain is hosted. If you look at the how the php mail() function works. A simple one would look like

mail('you@yoursite.com', 'This is spam', 'Hahah this is spam', 'From: anyemail@anydomain');

There is no check if any of the emails are valid. It simply attempts to send the data to domain yoursite.com. if it is received by the site it will then process the received information. If the email exists it save the data at whatever location on the server stores the emails. The sender of the email is just located in the data that was sent. When you read the email its just grabing whatever the email has for the sender. It doesn't do any check at that point to verify it.

Oh an if you don't have a secure contact form or whatnot on your site its very possible that its being used to send spam even to yourself. But usually this goes to a working email address (because you have that specified in the script)

Very Interesting subject. I've been in computers since 1973 and wasn't aware that this was able to be done. Don't like spam ethier.

This is where you say "Yes" very clearly once and for all.....LOL

Yes