E-Mail Impersonator.

Inside the Internet.
March 12 2002 7:46 PM

E-Mail Impersonators

How to identify "spoofed" e-mail.

Editor's note: To read the complete explanation of how Slate was duped by an e-mail spoofer, see this "Press Box" column.

After my wife cast her ballot on the morning of Election Day 1996, she arrived at work to find an e-mail from none other than the president of the United States (president@whitehouse.gov). He thanked her for her vote and promised to address her hot-button issues of education and women's rights. She was a little disturbed, but as it turned out the sanctity of her secret ballot hadn't been compromised. Someone (her husband) had merely sent her a spoofed e-mail.

E-mail is considered "spoofed" when the e-mail address in the "From" field is not that of the sender. As Slate learned so publicly last week, believing what you read in spoofed e-mail can cause huge embarrassment, so if you receive an e-mail from George W. Bush or a man purporting to be an executive of a European carmaker, trust us: It might not be on the level. The bad news is that it's not very hard to spoof e-mail, but the good news is that it can usually be detected. To detect spoofed e-mail (and boy, do Slate's editors wish I'd written this piece last month!) you need to understand how e-mail is sent on the Internet.

  1. First, your e-mail program (e.g., Outlook, Eudora, Hotmail) sends mail to an SMTP (Simple Mail Transport Protocol) server, a computer that understands how to relay your e-mail
  2. from SMTP server to SMTP server across the Internet, until
  3. it arrives at its penultimate destination, the recipient's mailbox. The mailbox stores this e-mail until
  4. finally it's fetched by an e-mail program, so its recipient can read it.


Like a well-paid courier, SMTP just passes along what it was given. I tell Outlook my e-mail address, but neither it nor the SMTP server provided by my Internet service provider has any way to verify that it's true. Just this minute, I changed my Outlook settings to say that my name is Mork, e-mail address mork@ork.planet, and Outlook happily sent more mail to my wife, who is tiring of my little shenanigans. ISPs smarter than mine configure their mail servers to be more restrictive about the e-mail they'll accept, attempting to verify the veracity of the sender's address, but a determined spoofer usually knows how insert e-mail further along the transmission chain.

Every e-mail contains a hidden component known as a "header" that details its transmission history. By viewing the header and doing a little detective work you can usually spot the telltale signs of spoofed e-mail. Investigating suspicious e-mail is a relatively technical process. To do so, check the headers:

  • In Outlook, select View/Options.
  • In Outlook Express, select Properties/Details.
  • In Pine, type H.
  • In Eudora, click on the "Blah Blah Blah" button (I love that).
  • In Hotmail go to Options/Mail Display Settings/Message Headers and select "Full."
  • In Netscape, select View/Headers/All.
  • In Yahoo! Mail select "Full Headers."
  • See the help file of e-mail programs not mentioned here and look up "headers."

At first glance headers looks like gobbledygook, but in time … no, it will always look like gobbledygook. You just have to tough it out.

The first thing to check is the From field, which will look like one of these:

From: George W. Bush (president@whitehouse.gov

From: president@whitehouse.gov (George W. Bush)

From: George W. Bush

Look for a discontinuity between the friendly name and the e-mail name. If the friendly name is "George W. Bush" but the e-mail address is fred@spammers.com, or if the e-mail name is missing entirely, the e-mail may be spoofed. But a sophisticated spoofer won't make this simple mistake.



Forget Oculus Rift

This $25 cardboard box turns your phone into an incredibly fun virtual reality experience.

The Congressional Republican Digging Through Scientists’ Grant Proposals

Renée Zellweger’s New Face Is Too Real

Sleater-Kinney Was Once America’s Best Rock Band

Can it be again?

Whole Foods Is Desperate for Customers to Feel Warm and Fuzzy Again

The XX Factor

I’m 25. I Have $250.03.

My doctors want me to freeze my eggs.

The XX Factor
Oct. 20 2014 6:17 PM I’m 25. I Have $250.03. My doctors want me to freeze my eggs.

Smash and Grab

Will competitive Senate contests in Kansas and South Dakota lead to more late-breaking races in future elections?

George Tiller’s Murderer Threatens Another Abortion Provider, Claims Free Speech

These Companies in Japan Are More Than 1,000 Years Old

  News & Politics
The World
Oct. 21 2014 3:13 PM Why Countries Make Human Rights Pledges They Have No Intention of Honoring
Oct. 21 2014 1:12 PM The Global Millionaires Club Is Booming and Losing Its Exclusivity
The Vault
Oct. 21 2014 2:23 PM A Data-Packed Map of American Immigration in 1903
  Double X
The XX Factor
Oct. 21 2014 3:03 PM Renée Zellweger’s New Face Is Too Real
  Slate Plus
Behind the Scenes
Oct. 21 2014 1:02 PM Where Are Slate Plus Members From? This Weird Cartogram Explains. A weird-looking cartogram of Slate Plus memberships by state.
Brow Beat
Oct. 21 2014 1:47 PM The Best Way to Fry an Egg
Oct. 21 2014 10:43 AM Social Networking Didn’t Start at Harvard It really began at a girls’ reform school.
  Health & Science
Climate Desk
Oct. 21 2014 11:53 AM Taking Research for Granted Texas Republican Lamar Smith continues his crusade against independence in science.
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.