Is it possible for someone to use a fake return email address?

Discussion in 'Linux Networking' started by mail1227418, Mar 12, 2007.

  1. mail1227418

    mail1227418 Guest

    Hello,

    I have a simple question. Is it possible for someone to use MY email
    address as the return address when sending an email?

    Either my hotmail account has been hacked (which I doubt) or someone
    is really messing with me. I changed my password earlier today.
    This whole thing started when I began to get angry replies to emails
    that I never sent. For instance:

    "Please do not abuse our email response system by sending ignorant and
    inappropriate comments. First of all, this system is in place for
    students who genuinely need advice for their issues. Secondly, your
    comments show complete disregard for what we stand for as an
    organization that promotes international humanitarian aid.

    Your prank emails are not appreciated. If you continue to abuse this
    system, we will report your IP address to the appropriate authorities.

    - Absolute Leadership Development"




    Category: Absolute
    ---
    JERK ME OFF IM SO HORNeY FOR POOR AFRICAN KIDS "


    ^The above email was not written by me, and I am very offended that
    someone is using my email address to ruin my good name.

    Any advice on a situation like this? I was going to send an email to
    them saying that I did not send it, but I haven't yet. I'm hoping
    someone on usenet might have a few good ideas for me.
     
    mail1227418, Mar 12, 2007
    #1
    1. Advertisements

  2. mail1227418

    fizteh89 Guest

    Dude, nothing can be easier than faking your return e-mail address.
    Some folks do it all the time - when spamming other people with
    unwanted e-mails or posting various spam messages on usenet.
    The harder trick is faking originating host's IP address - that would
    require some more advanced skills but it's still very doable.
    Just ignore the whole thing - it has no legal significance for you
    whatsoever...
     
    fizteh89, Mar 13, 2007
    #2
    1. Advertisements

  3. mail1227418

    mail1227418 Guest

    I thought I'd get a more reliable answer from people in a computer NG
    than from a CSR. The info I have gotten so far has been useful.
     
    mail1227418, Mar 13, 2007
    #3
  4. mail1227418

    fizteh89 Guest

    Dude, nothing can be easier than faking your return e-mail address.
    Some folks do it all the time - when spamming other people with
    unwanted e-mails or posting various spam messages on usenet.
    The harder trick is faking originating host's IP address - that would
    require some more advanced skills but it's still very doable.
    Just ignore the whole thing - it has no legal significance for you
    whatsoever...
     
    fizteh89, Mar 13, 2007
    #4
  5. Hi
    Yes it is quite common that Spammers, and other offenders, spoof other
    people email addresses. These emails are probably Not sent from your email
    server. I.e it is Not hacked and thus changing password would not help.
    However, to make sure check with the email support service.
    Jack (MVP-Networking).
     
    Jack \(MVP-Networking\)., Mar 13, 2007
    #5
  6. mail1227418

    Jerry Avins Guest

    Of course. Why do you ask here instead of at hotmail?
     
    Jerry Avins, Mar 13, 2007
    #6
  7. Yes, but it is also often easy to detect such fakes.
    This response is inappropriate unless the responder in fact verified
    the source of the email. The IP address he would report is likely not
    yours anyway.
    Send them an email telling them you don't appreciate their
    inappropriate comments and that they should learn how to read headers
    and track an email before they make threats and accusations.

    One thing mail administrators hate more than anything is having to
    deal with being blamed for other people's abuse. Creating such
    problems for other people themselves and blaming the victim is
    unacceptable. This is especially true with a source like Hotmail which
    is especially easy to verify.

    I'm assuming this email is a very bad fake, perhaps their behavior is
    excusable if it's a really good one. Did they at least send you back
    full headers?

    DS
     
    David Schwartz, Mar 13, 2007
    #7
  8. mail1227418

    Joe Pfeiffer Guest

    Yes -- you can set your From: header to anything you want, both in
    email and news (a little quick delving through the headers on this
    message will reveal that while I'm still using my
    email address to post to usenet, I'm no longer posting from that
    account -- they've quit supporting usenet, so I'm now posting from my
    home account. But I'd rather not make that account quite so easily
    accessible to spammers).

    There's really not much you can do about it except to assure the
    people responding that it wasn't you.
     
    Joe Pfeiffer, Mar 13, 2007
    #8
  9. mail1227418

    escra Guest

    Hmm.

    Lets see here...

    You are the registered "owner" of the Hotmail address ...

    Which means, you would had to have to registered on Hotmail practically the
    day that they went on online.

    Yet, you don't know that:

    - Changing the From header in mail user agents is not only trivial, it is a
    feature.

    - The chance that some clown out there would pick "" to
    send stupid email to some organization is very good.

    - Didn't think to take a quick glance at this email sent from this
    organization. (Which could've been bullshit, itself.)

    - Ask this organization for the original email, so you could look at this
    headers if you think it is a big deal.

    - Know to laugh at the "legit" email to begin with. Give me a break. The
    fact that they event sent you anything says volumes. It would've been much
    easier to just procmail your ass then reply. And the suggestion about
    contacting "appropriate authorities" is a joke. At best, maybe they could
    get Hotmail to delete the account -- but I doubt it. Hotmail is too busy
    dealing with the mass spammers than to devote even a second to silly
    one-sies and two-sies things like this.

    /me thinks it is you spewing the BS.

    If not, I apologize, but you to have to recognize why eyebrows are raised.
     
    escra, Mar 13, 2007
    #9
  10. mail1227418

    Tester Guest

    It is very easy if you send mail with Outlook Express or Eudora or a
    similar program rather than webmail.

    I've got an account on the free mail service nerdshack.com. I'm going
    to send myself mail and forge George Bush as the sender.

    telnet mail.nerdshack.com 25
    220 mail.nerdshack.com ESMTP dispatchd
    helo world
    250 mail.nerdshack.com
    mail from: <>
    250 Sender okay.
    rcpt to: <[censored]@nerdshack.com>
    250 Recipient okay.
    data
    354 Enter mail, end with "." on a line by itself.
    From: Dubya <>
    To: <[censored]@nerdshack.com>
    Subject: This is a test

    Test.
    ..
    250 Message accepted.
    quit
    221 Bye.

    I should note that if I use nerdshack's mail server to send mail to
    another domain, I have to login to the server and the server prevents
    me from forging. But most mail serves don't prevent forgery even when
    they require you to login.
     
    Tester, Mar 14, 2007
    #10
  11. mail1227418

    Doug Mitton Guest

    You have received a lot of answers, but here is just a little
    "different" information:

    This is something SPAMers do all the time. It is very easy.

    It is very easy BUT now, most REAL email servers check to make sure
    the email address is for a real account. So, you can't easily make up
    totally fake domains.

    Back in the early days of the internet I used to do this to "trick" my
    friends with totally made up addressess and domains. It made for some
    very good jokes, especially with my kids. These days it is pretty
    easy to send an email FROM someone other than yourself, as long as it
    is a valid address.

    The trick is, if you know what you are looking for, the details of the
    trick are available in the email header. If you get the "spoofed"
    email directly and view the headers you can see where it really came
    from. This header information is lost if you forward the email to
    someone else and don't choose to preserve the original headers.

    Good luck in your search for information, it is very difficult to
    protect yourself from this form of identity theft BUT it isn't
    serious. This is one of the reasons many people "mangle" their email
    addresses when posting in a public forum, to reduce the chances of
    their address being harvested for SPAM purposes.

    --
     
    Doug Mitton, Mar 17, 2007
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.