E-mail spoofing

I’ve been trying to explain to people for a long time that the “from” address on an e-mail is just like the return address on an envelope – you can put anything there you want. This comes up all the time with spam and viruses.
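To make the envelope analogy concrete, here is an added example (not part of the original post) that compares the address shown in the From header with the envelope sender and relay host recorded by the receiving server. The sample message, all addresses and the `inspect_sender` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and address is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Mon, 01 Jan 2001 10:00:00 +0000
From: "Alice Example" <alice@example.com>
To: bob@example.org
Subject: constructed test message

Body text.
"""

def domain_of(value):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def inspect_sender(raw):
    """Compare the From header with what the receiving server recorded."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    # Return-Path holds the envelope sender, written by the final server.
    env_dom = domain_of(msg["Return-Path"])
    # The topmost Received line is the one added by the recipient's own
    # server; lines below it were supplied by earlier hops or the sender.
    received = msg.get_all("Received") or [""]
    hop = re.match(r"from\s+(\S+)", " ".join(received[0].split()))
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "relay": hop.group(1).lower() if hop else "",
        # A mismatch is only a hint: mailing lists and hosted mail differ
        # legitimately, and a match proves nothing because the envelope
        # sender is chosen by the sending side too.
        "mismatch": bool(env_dom) and env_dom != from_dom,
    }

if __name__ == "__main__":
    print(inspect_sender(SAMPLE))
```
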

Now it seems this is being used as a new form of harassment. CNN has an article about how some people are using spoofed e-mail to harass Arab-Americans by sending fake hate mail with their address as the sender.

The article mentions PGP signatures as a way to verify the sender of a message. This is probably the most secure solution assuming that everyone you correspond with has installed PGP. I think the best solution is two-fold. First, educate people about how e-mail works. Once people understand the simplicity of the protocol, it should be obvious how it can be easily faked. Second, teach people to stop and think. This applies to life in general, not just e-mail. My advice to anyone who gets an e-mail they don’t like is the same as it’s always been – just delete it and go on with life.

One more interesting thing: note how the article goes back and forth between spelling it “e-mail” and “email”.