E-Mail Impersonator.

Inside the Internet.
March 12 2002 7:46 PM

E-Mail Impersonators

How to identify "spoofed" e-mail.

Editor's note: To read the complete explanation of how Slate was duped by an e-mail spoofer, see this "Press Box" column.

After my wife cast her ballot on the morning of Election Day 1996, she arrived at work to find an e-mail from none other than the president of the United States (president@whitehouse.gov). He thanked her for her vote and promised to address her hot-button issues of education and women's rights. She was a little disturbed, but as it turned out the sanctity of her secret ballot hadn't been compromised. Someone (her husband) had merely sent her a spoofed e-mail.

E-mail is considered "spoofed" when the e-mail address in the "From" field is not that of the sender. As Slate learned so publicly last week, believing what you read in spoofed e-mail can cause huge embarrassment, so if you receive an e-mail from George W. Bush or a man purporting to be an executive of a European carmaker, trust us: It might not be on the level. The bad news is that it's not very hard to spoof e-mail, but the good news is that it can usually be detected. To detect spoofed e-mail (and boy, do Slate's editors wish I'd written this piece last month!) you need to understand how e-mail is sent on the Internet.

  1. First, your e-mail program (e.g., Outlook, Eudora, Hotmail) sends mail to an SMTP (Simple Mail Transport Protocol) server, a computer that understands how to relay your e-mail
  2. from SMTP server to SMTP server across the Internet, until
  3. it arrives at its penultimate destination, the recipient's mailbox. The mailbox stores this e-mail until
  4. finally it's fetched by an e-mail program, so its recipient can read it.

Advertisement

Like a well-paid courier, SMTP just passes along what it was given. I tell Outlook my e-mail address, but neither it nor the SMTP server provided by my Internet service provider has any way to verify that it's true. Just this minute, I changed my Outlook settings to say that my name is Mork, e-mail address mork@ork.planet, and Outlook happily sent more mail to my wife, who is tiring of my little shenanigans. ISPs smarter than mine configure their mail servers to be more restrictive about the e-mail they'll accept, attempting to verify the veracity of the sender's address, but a determined spoofer usually knows how insert e-mail further along the transmission chain.

Every e-mail contains a hidden component known as a "header" that details its transmission history. By viewing the header and doing a little detective work you can usually spot the telltale signs of spoofed e-mail. Investigating suspicious e-mail is a relatively technical process. To do so, check the headers:

  • In Outlook, select View/Options.
  • In Outlook Express, select Properties/Details.
  • In Pine, type H.
  • In Eudora, click on the "Blah Blah Blah" button (I love that).
  • In Hotmail go to Options/Mail Display Settings/Message Headers and select "Full."
  • In Netscape, select View/Headers/All.
  • In Yahoo! Mail select "Full Headers."
  • See the help file of e-mail programs not mentioned here and look up "headers."

At first glance headers looks like gobbledygook, but in time … no, it will always look like gobbledygook. You just have to tough it out.

The first thing to check is the From field, which will look like one of these:

From: George W. Bush (president@whitehouse.gov

From: president@whitehouse.gov (George W. Bush)

From: George W. Bush

Look for a discontinuity between the friendly name and the e-mail name. If the friendly name is "George W. Bush" but the e-mail address is fred@spammers.com, or if the e-mail name is missing entirely, the e-mail may be spoofed. But a sophisticated spoofer won't make this simple mistake.

TODAY IN SLATE

Foreigners

More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

If You’re Outraged by the NFL, Follow This Satirical Blowhard on Twitter

The Best Way to Organize Your Fridge

Politics

The GOP’s Focus on Fake Problems

Why candidates like Scott Walker are building campaigns on drug tests for the poor and voter ID laws.

Sports Nut

Giving Up on Goodell

How the NFL lost the trust of its most loyal reporters.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

Farewell! Emily Bazelon on What She Will Miss About Slate.

  News & Politics
Weigel
Sept. 16 2014 7:03 PM Kansas Secretary of State Loses Battle to Protect Senator From Tough Race
  Business
Moneybox
Sept. 16 2014 4:16 PM The iPhone 6 Marks a Fresh Chance for Wireless Carriers to Kill Your Unlimited Data
  Life
The Eye
Sept. 16 2014 12:20 PM These Outdoor Cat Shelters Have More Style Than the Average Home
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Slate Plus Video
Sept. 16 2014 2:06 PM A Farewell From Emily Bazelon The former senior editor talks about her very first Slate pitch and says goodbye to the magazine.
  Arts
Brow Beat
Sept. 16 2014 8:43 PM This 17-Minute Tribute to David Fincher Is the Perfect Preparation for Gone Girl
  Technology
Future Tense
Sept. 16 2014 6:40 PM This iPhone 6 Feature Will Change Weather Forecasting
  Health & Science
Science
Sept. 16 2014 4:09 PM It’s All Connected What links creativity, conspiracy theories, and delusions? A phenomenon called apophenia.
  Sports
Sports Nut
Sept. 15 2014 9:05 PM Giving Up on Goodell How the NFL lost the trust of its most loyal reporters.