Email Spoofing
E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam
often use spoofing in an attempt to get recipients to open, and
possibly even respond to, their solicitations. Spoofing can be used
legitimately. Classic examples of senders who might prefer to disguise
the source of the e-mail include a sender reporting mistreatment by a
spouse to a welfare agency or a "whistle-blower" who fears retaliation.
However, spoofing anyone other than yourself is illegal in some
jurisdictions.
E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication
mechanism. Although an SMTP service extension (specified in IETF RFC
2554) allows an SMTP client to negotiate a security level with a mail
server, this precaution is not often taken. If the precaution is not
taken, anyone with the requisite knowledge can connect to the server and
use it to send messages. To send spoofed e-mail, senders insert
commands in headers that will alter message information. It is possible
to send a message that appears to be from anyone, anywhere, saying
whatever the sender wants it to say. Thus, someone could send spoofed
e-mail that appears to be from you with a message that you didn't write.
