Have you every received a post card?
You know, an old-school piece of paper with a picture on one side and writing on the other. It goes without saying that anyone can write anything on a postcard. I could go out and get a postcard with a picture of the White House on it and write “Wish you were here. Love, Dubya” on the back. If I send it to your address and put 1600 Pennsylvania Ave as the return address, then you have no way of knowing who really sent it.
E-mail works exactly the same way as a postcard. It’s so easy to forge the from address on an e-mail that even a child could do it (and many of them do). It’s even easier to send you an e-mail from dubya@whitehouse.gov than it is to send you a fake postcard. The differences are, it doesn’t cost me anything to send you an e-mail and there are programs that let me send thousands of e-mails with a single mouse-click.
With all of these facts in mind, it should be obvious to even the most inept computer user that you can’t trust the from address on an e-mail.
So why is it that I still receive complaints like this at least daily: “I got a spam e-mail from your address so you better check your computer, it’s sending spam!” To which I reply: “Every spam these days has a fake from address so you don’t know who really sent it.”
Here’s another one that I frequently get: “Someone at Paris ISD sent me a virus so you should check all of your computers!” Again I reply: “Every virus these days makes up a fake from address so you don’t know who really sent it. And, I monitor every message that goes through our server, so if one of our users has a virus I’ll know about it immediately.”
Finally, my all time favorite complaint: “I received an e-mail from you with a strange message and an attachment. I tried several times to open it, but never could make it work. Also, my computer is running really slow now and I think some of my files are missing…” You can make up your own reply for this one.
To make matters even worse, some mail server admins have set up their spam filters and anti-virus software to return bad e-mail to the (fake) sender. So people receive automatically genereated e-mail from a mail server saying something like “You sent an illegal e-mail to a user on our domain. If you continue to disrupt our network this way, you will be prosecuted to the fullest extent of the law.” I will never understand how these idiots get jobs running company networks.
Now, I know some of you out there are really clever and you’re saying “Wait a second, I can tell where your postcard came from by looking at the postmark.” If that’s you then you’re exactly right. All of those evenings spent watching CSI have finally paid off. E-mail has a similar feature where you can look in the message header and see what IP address actually sent the message. Unfortunately, even this can be spoofed by a clever virus or spammer, and most users don’t ever take them time to look at it.
What should you do with all of this new knowledge? First, never trust the from address on an e-mail again. Next, never open an attachment unless you’re absolutely sure what it is and why it was sent to you. If you have any doubts about a message, pick up the phone and call the sender. If you still have any questions about the origin or purpose of a message, just delete it. Don’t bother notifying the sender or e-mailing a warning to everyone in your address book. Just click delete and move on with your life.
Happy E-mailing!
The topics that really put a bee in Tony’s bonnet can be readily identified by the lengths to which he goes to make his point. For those audience members at whom this tirade is directed, and perhaps lacking the patience to sift through the entire text, I now gladly provide the Cliff’s Notes version of what he says:
Listen, you computer-illiterate milksop substitute babysitters! I’m tired of not being able to get anything worthwhile done with the District’s technology department because you bowheads are too busy making your e-mail cute to read the rules about computer use! Why don’t you teach the kids instead of opening your viral FW:FW:FW:FW:FW:FW:FW chain letters at school?? JUST DON’T CLICK ANYTHING IF YOU CAN’T UNDERSTAND ME! Okay???
Ben is feeling a little harsh tonight, huh?
Not harsh at all! E-mail scammers should be hung by their scalps from the ceiling…kinda like the aliens at Aikin this week.
Thanks for this – I’ve starting copying and pasting sections from your post into e-mails when folks ask me these same questions!