
August 26, 2010

Repeat After Me: "The From Field is Forged"

Spammers and crooks know it: Lots of email recipients treat the From: field as if it must be telling the truth. If an email message that makes it to your inbox says it's from Joe Blow, well, by God, it's from Joe Blow.

This blind faith about unsolicited email messages is what gets so many computer users into trouble.

A case in point is that someone managed to find his or her way to this web site (spamwars.com) and went to the trouble of filling out the contact form thusly:

I received an e-mail from this address saying I made an online payment of $500 not true. Remove all information

I suspect the person found the site by searching Google, which pointed to this article. So, I write an article blowing the lid off this scam, and I'd send out more messages after I implore you to not react to the messages? WTF?

Worse yet, this person included his/her email address in the contact form. Luckily for him/her, I don't harvest addresses (or send out any kind of bulk email of any kind). Voluntarily revealing one's email address to any kind of spammer or scammer is the most idiotic thing one could do — and he/she obviously thinks I'm a spammer/scammer, right?

I've tried to educate computer users about how email headers can be forged from here to Azerbaijan, but they either don't listen, or just have overriding faith in what they see in their inboxes. For the record: Everything from the header that your email client displays can be forged, including the From:, To:, Date:, and Subject: fields. And when it comes to spam or scam messages, the From: field is almost always forged with other addresses from the spammer's databases (i.e., other spam recipients). These addresses have been harvested from infected computers and other sources for years and years. An infected computer will supply Bad Guys with addresses of everyone with whom the infected computer has corresponded — which is how addresses belonging to owners of clean computers have been captured. If you are receiving spam, there is a very good chance that your address has been plugged into the From: field of spam going to others at some point.
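To make the point concrete, here is an added example (not code from the original post) that sets the displayed From: field of a constructed message beside the headers the recipient's own mail server wrote. The domains, the server id `mx.recipient.example`, and the assumption that this server strips inbound Authentication-Results headers bearing its own id are all illustrative.

```python
import email
from email.utils import parseaddr

# Constructed sample (reserved example domains). The top three headers were
# added by the recipient's server; everything below them came from the sender.
RAW = """\
Return-Path: <bounce@bulk.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk.example.net; dkim=none
Received: from unknown (192.0.2.55) by mx.recipient.example; Thu, 26 Aug 2010 10:00:00 -0700
Authentication-Results: mail.victim.example.org; spf=pass; dkim=pass
From: "Joe Blow" <joe.blow@victim.example.org>
To: you@recipient.example
Date: Thu, 26 Aug 2010 09:59:00 -0700
Subject: Your online payment

Body text.
"""

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_verdicts(msg, trusted_id):
    """method -> result from the first Authentication-Results header written
    by trusted_id; copies bearing any other server id are sender-supplied."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        if not parts[0] or parts[0].split()[0].lower() != trusted_id:
            continue
        first = (p.partition(" ")[0] for p in parts[1:])
        return dict(t.lower().split("=", 1) for t in first if "=" in t)
    return {}

def assess(raw, trusted_id):
    """Return the displayed From plus reasons not to take it at face value."""
    msg = email.message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    verdicts = auth_verdicts(msg, trusted_id)
    reasons = []
    if env_dom and env_dom != from_dom:  # a signal only: lists and bulk senders differ too
        reasons.append(f"From domain {from_dom} != envelope domain {env_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) not in (None, "pass"):
            reasons.append(f"{method}={verdicts[method]}")
    return {"displayed_from": msg["From"], "reasons": reasons}

if __name__ == "__main__":
    print(assess(RAW, "mx.recipient.example"))
```

Passing the sender-claimed id `mail.victim.example.org` as the trusted id instead makes the SPF and DKIM failures disappear, which is why only results stamped by your own server count.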

Most computer users can't be bothered to learn how the spammers and scammers make them dance like marionettes. Put on your tap shoes.

Posted on August 26, 2010 at 10:36 PM