Email spoofing explained: Who does it and how?

Email spoofing definition

Email spoofing is the act of forging email so that it appears to have come from someone it did not. I discovered how to spoof email during the autumn of 1993 in my second year of college at Northwestern. An upperclassman from my dorm demonstrated to me how to do it. Back then, we read our email by telnetting to the campus mainframe, after which we used elm, which was the first step to Mutt.

“Look,” he said, “You just change the “From” header to whatever you want. Do not ever do this again or you'll be caught in the crossfire.” I never did.

For a long time, email spoofing was easy, and only in recent years have security measures to combat the problem been added as an afterthought. Kludges such as SPF, DKIM and DMARC make spoofing email more difficult than it used to be; however, these solutions aren't widely used, and there are still workarounds for fraudsters, spammers and phishers.

Even more troubling, backporting security to email is a challenge even for many of the most sophisticated security minds of our time. Many of them would rather throw email out and start from scratch. Email is not secure because most email users of the 1970s were either military or academic and were therefore considered trustworthy. Because email is so integrated into our lives, attempting to remove it and substitute something that is secure by design is like tilting at windmills.

Forgery is so much simpler on the internet. It is difficult to fake a handwritten signature. Skilled criminals provided (and continue to offer) services like this; however, the barriers to entry are extremely high, and so is the chance of being found guilty. A handwritten or even a typewritten letter carrying a signature you recognize is powerful evidence that the letter is genuine.

The level of trust that we have in our physical lives isn't reflected in the digital world, but our brains have yet to catch up. A known email address carries the same amount of trust in our brains as a handwritten letter from a friend or loved one, but with nothing to prove that the trust is deserved.

Who would like to sabotage your confidence? So many people.

Who is spoofing email?

“I am your CEO and hereby ask you to pay the paltry amount of USD 14 million to our brand new provider of gadgets such as whatchamacallits, thingumbobs and others. As a petty gesture of good faith, I've taken a blood oath to pay before the Celestial Serpent consumes yonder fiery orb. I beg you, my number cruncher, make it happen.”

I'm kidding, but fake emails such as this one are the graveyards of well-meaning corporate careerists attempting to impress their boss. An authentic letter from your boss telling you to transfer money abroad? In many accounts payable departments this isn't only an everyday thing, it may be an hourly one.

How is the world of business supposed to keep going if you can't be sure that the information you receive in your email is reliable? We're trying to solve it.

How to stop email from being spoofed: SPF, DKIM and DMARC

SPF (Sender Policy Framework) was the very first attempt to cover a gaping wound with the smallest bandage they sell. You know those tiny ones that are about 1 inch by one quarter inch? That's SPF.

It was first proposed in 2004. SPF was not officially adopted as a Request for Comments (RFC) until 2014. SPF works by letting the domain administrator publish the IP addresses that are allowed to send email for that domain, which makes it possible for a receiving email server to check the DNS before deciding to accept or reject any particular email.

The tiny band-aid was not sufficient, so a more substantial piece of gauze was applied: DKIM (DomainKeys Identified Mail), which cryptographically signs outgoing email on the server. Domain owners publish the public key in the domain's Domain Name Service (DNS) records, which allows receiving email servers to look it up and cryptographically verify DKIM signatures. DKIM was not standardized until the year 2011.

What happens when an incoming email fails both the SPF and the DKIM checks? Shrug emoji here. Enter DMARC (Domain-based Message Authentication, Reporting and Conformance), a big bandage that generally does the job, although that axe gash still looks pretty nasty. DMARC does not really solve the problem, but it can get the walking wounded of the email world back on their feet.

DMARC lets domain owners publish in their DNS what they want to happen to spoofed mail and, most importantly, it establishes a reporting mechanism through which email servers notify domain owners that they have received fake email. A typical implementation of DMARC begins with no enforcement (“p=none”), then requests that any spoofed email be treated as spam (“p=quarantine”) and lastly announces to the world that spoofed email will be thrown back in the sender's face (“p=reject”).
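How a receiving server combines the three mechanisms can be shown in a few lines. The following is an added example, not code from the original article: it assumes the SPF and DKIM results have already been computed, uses a constructed dictionary (SAMPLE_DNS) in place of real DNS lookups, and simplifies the organizational domain to the last two labels (real implementations use the Public Suffix List and also honor tags such as "sp" and "pct").

```python
# Added example: simplified DMARC evaluation with relaxed alignment.
# SAMPLE_DNS is constructed data standing in for real DNS TXT lookups.
SAMPLE_DNS = {
    "_dmarc.acmecorp.com": "v=DMARC1; p=reject; rua=mailto:dmarc@acmecorp.com",
    "_dmarc.example.org": "v=DMARC1; p=none",
}
POLICY_ACTION = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not valid."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    tags["p"] = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or tags["p"] not in POLICY_ACTION:
        return None
    return tags

def org_domain(domain):
    # Assumption: last two labels approximate the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain):
    """Relaxed alignment: both names share the same organizational domain."""
    return bool(auth_domain) and org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain, dns=SAMPLE_DNS):
    """Decide what happens to a message based on the From: domain's policy."""
    txt = (dns.get("_dmarc." + from_domain.lower())
           or dns.get("_dmarc." + org_domain(from_domain)))
    policy = parse_dmarc(txt) if txt else None
    if policy is None:
        return "no-policy"          # nothing published: receiver is on its own
    # DMARC passes if EITHER check passes AND its domain aligns with From:.
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain)
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain)
    if spf_ok or dkim_ok:
        return "pass"
    return POLICY_ACTION[policy["p"]]

if __name__ == "__main__":
    # SPF passes, but only for the sender's own unrelated domain: not aligned.
    print(dmarc_disposition("acmecorp.com", "pass", "bulk-mailer.example", "none", ""))
```

The "no-policy" result is the case that matters for the next section: a From: domain with no DMARC record gives the receiving server no instruction at all.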

How email can still be spoofed

Despite all this effort to protect email, which has, it should be noted, greatly reduced email spoofing, smart attackers have numerous technical loopholes they can exploit.

Can't spoof email from xyz@xyz.com because AcmeCorp.com has DMARC configured to “p=reject”? You can spoof an email coming from AcneCorp.com instead. The domain doesn't even need to exist. If it does exist, do you think that the parked domain has DMARC deployed? Perhaps it doesn't.

You can even create a throwaway Gmail account, xyz@gmail.com. A lazy user, or someone who is in a hurry, might not even think twice about it.
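Because SPF, DKIM and DMARC say nothing about a domain the attacker controls, receivers often add a check on the From: header itself. The sketch below is an added example, not part of the original article: the protected-domain list, the freemail list, the executive display name and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
# Added example: triage of the From: header for lookalike senders.
from email.utils import parseaddr

PROTECTED = {"acmecorp.com"}      # assumed: domains the organization owns
FREEMAIL = {"gmail.com"}          # assumed: short list of freemail providers
EXECUTIVES = {"jane doe"}         # constructed display name of a known executive

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def triage_from(header_value):
    """Classify a From: header value; authentication results are handled elsewhere."""
    name, addr = parseaddr(header_value)
    domain = addr.rpartition("@")[2].lower()
    if domain in PROTECTED:
        return "own-domain"               # leave the verdict to SPF/DKIM/DMARC
    for good in PROTECTED:
        if 0 < edit_distance(domain, good) <= 2:
            return "lookalike-domain"     # e.g. one letter swapped
    if domain in FREEMAIL and name.strip().lower() in EXECUTIVES:
        return "freemail-impersonation"   # known name, throwaway mailbox
    return "external"

if __name__ == "__main__":
    # Constructed sample headers.
    for value in ("CEO <ceo@acnecorp.com>", "Jane Doe <xyz@gmail.com>",
                  "ceo@acmecorp.com", "Bob <bob@example.org>"):
        print(value, "->", triage_from(value))
```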

Preventing spoofing requires universal adoption and proper implementation and configuration of SPF, DKIM and DMARC, and that isn't the reality we live in day to day.

Spoofing email is simple to do, the technical skills required for this type of attack are extremely low, and it can be extremely lucrative. Unless we find a way to dump all of our email in the trash, set it on fire, and swap it out with something that is secure by design, we'll be spending a huge amount of money and time defending our businesses, our governments and our entire society from this baffling weakness.

Original source: https://medium.com/@rawatnimisha/email-spoofing-explained-who-does-it-and-how-e7f82c3ab0a3


