Main Area and Open Discussion > General Software Discussion

Verifying if an email has been spoofed

(1/4) > >>

nosh:
A friend of a friend has been getting stalked for a while. Recently she and a friend both received the same email from each others addresses that neither of them has sent. She's going to call me up and I'll give her the usual drill about changing her pw from a new PC, hard to guess pw q&a, anti-keyloggers, etc but I suspect that their accounts may not have been hacked at all and the mails may just be spoofed to creep her out. They both still have access to their accounts and from the malicious track-record of the person stalking her, it seems highly unlikely he/she would allow this esp. after disclosing that the accounts have been "compromised". I myself have seen a few spam mails slip through the cracks to my inbox because they appear to be sent from the same address receiving them. Is there any way to tell an authentic mail from a spoofed one? Both parties use gmail.

mediaguycouk:
I don't think you can spoof a gmail address from gmail (it comes out as [email protected] on behalf of [email protected]) so you should be able to look at the headers for this (if it is real).

If it comes from another server then it is likely fake.

Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.240])   by mailgate2.iss.soton.ac.uk (8.13.8/8.13.4) with ESMTP id [snip]

nosh:
Ok. I had a suspicion that every part of the header might be possible to spoof. Thanks for clarifying.

mediaguycouk:
It is, but by that point it would be your ISP or someone on your own computer spoofing it.

housetier:
If you make a habit of digitally signing your emails, spoofs are easier to detect.

Navigation

[0] Message Index

[#] Next page