What is email spoofing?

Email spoofing is the technique of sending email to others with a forged sender’s address.

What is spamming?

Spamming is an automated process of sending “junk” emails.

This automation process can be used negatively by sending fraud messages to millions of users asking them about their credit card details and other sensitive information.

Description:

If you receive a mail letter, you¬†can verify¬†the¬†return address¬†within the¬†top¬†left corner as an indicator of¬†the point of origination. However, the sender¬†may¬†write any name and address there;¬†there is no assurance that the letter is from that person and address. E-mail messages contain¬†return¬†addresses, too ‚Ästhowever, they could likewise be deliberately¬†dishonest, or “spoofed.” Senders¬†do that¬†for¬†a variety¬†of reasons, including:

  1. The e-mail is spam and therefore the sender does not wish to be subjected to anti-spam laws.
  2. The e-mail constitutes a violation of another law (for example, it is threatening or harassing)
  3. The e-mail contains a virus or Trojan or ransomware.
  4. The e-mail requests¬†information¬†that you just¬†may be¬†willing¬†to convey¬†to the phony sender’s

Spam is additionally referred to as uninvited business Email (UCE). This includes the following:

  • Advertisements
  • Pyramid schemes (MLM)
  • Giveaways
  • Chain letters
  • Political email
  • Stock market¬†advice
  • One-time notices

The purpose of spam¬†is to make money illegally simply. Some¬†individuals¬†assume¬†that if the spam is targeted to¬†a particular¬†cluster¬†of individuals, it¬†then doesn’t¬†qualify as spam.

They also assume that if an opt-out methodology is provided, then the e-mail is not spam.

Wrong! ALL uninvited email is spam.


Scenario:

Eric recently found himself¬†in a¬†scenario, as he began to receive a deluge of “bounced” email–spam messages that¬†appeared to¬†be¬†sent from his email account to¬†various¬†invalid email addresses¬†that came¬†to him, the alleged sender.

However, the e-mail address in question is for an account that Eric seldom uses, and he did not use it wittingly to send any spam email to anyone. Initially, he conjectured that spammers had somehow hijacked the e-mail account. However, even when he reset the e-mail address, the bounce messages continued to flow in.

Why was this happening? Were the messages¬†coming¬†from Eric’s email address, or were their actual senders¬†simply¬†operating¬†his email address as a spoofed address within the¬†email headers? What¬†might¬†he do¬†to prevent¬†the annoying activity? Was his¬†only¬†choice to¬†obliterate¬†the e-mail¬†account¬†and begin¬†over with an untouched one?

Ethical Hacking Training – Resources (InfoSec)

Effects:

  1. In¬†different¬†cases,¬†you will get¬†a slew of “undeliverable” email messages from random strangers. This happens¬†when¬†spam emails¬†using¬†your email address¬†is sent¬†to¬†unsuspecting people. If¬†they are¬†undeliverable, the non-delivery notifications¬†come¬†to¬†you eventually,¬†flooding your inbox.
  2. Spamming consumes network resources. A deluge of spam can logjam e-mail servers.
  3. Because of this, the sending and receiving of legitimate e-mail messages can be significantly slowed down.
  4. If an email is received from the attacker with the subject such as “Google liked your profile,” it is tough not to click on the attachment. Once the attachment is clicked on, malware gets downloaded and performs all kind of malicious activities.

Solutions:

  • Only¬†offer¬†your email address to¬†an organization¬†if¬†it is¬†entirely¬†necessary. There are surveys, gaming sites, free shopping vouchers, etc. that asks you for your email address. Once you fill in your email id, it is then circulated to various advertisers and others to send you promotional emails, etc.
  • Do not enter contests.¬†The sole¬†prize¬†you will¬†win¬†may be an¬†inbox¬†filled with¬†spam.
  • Use¬†2¬†email accounts. Use one account for all business, purchasing, newsletters,¬†selling¬†lists, chat rooms. The second account¬†ought to¬†be for all personal use.
  • Do not unsubscribe from spam. Spam¬†typically¬†contains¬†an¬†unsubscribe link. This link is there¬†to get¬†you to verify your address¬†and typically¬†gets you even¬†further¬†spam.
  • Look for opt-out policies.¬†Ensure that¬†you are¬†not¬†signing¬†up for¬†something¬†that you simply¬†don’t wish to receive.
  • Don’t¬†offer¬†out¬†alternative¬†people’s email address.¬†Don’t¬†do that¬†unless¬†you have got¬†permission from the¬†recipient.
  • Don’t forward chain letters. Spammers collect email addresses from them.
  • Keep your email address off¬†the web¬†unless¬†where¬†entirely¬†necessary.

Good reads: