Subject: | |
From: | |
Reply To: | |
Date: | Mon, 9 May 2011 11:35:06 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Mon, May 9, 2011 at 11:19 AM, Meir Weiss <[log in to unmask]> wrote:
> EXPLAIN PLEASE what are the diff with spoofing please
>
This isn't a dead horse, it's something that every e-mail user needs
to understand. The confusion here indicates that many people on the
list don't understand the difference...
In general, an e-mail account is relayed by a server some where and to
get at that server (hack the e-mail account) you need to know a
password or two and / or get direct access the server. Either one of
those is possible, but spoofing is much easier so it's far more
likely. Spoofing is where someone creates an e-mail (using a server
that they run or control) and creates fake e-mail headers that make
the e-mail look like it comes from someone else on some other server.
Spoofing is very easy to do, all you need to do is subscribe to an
e-mail list (like this one) and harvest some candidate e-mail
addresses. You can then create fake e-mails that look like they came
from some legitimate user some where else (like a subscriber on this
list).
When you get an e-mail, if you know what you are doing, you can
examine the e-mail headers to see if the originating server matches up
with what the e-mail address claims. How you do this exactly depends
on the e-mail client you use, but for example, on G-mail you can use
the "show original" option to look at the details of the e-mail and
see most of the headers.
You can't really protect your e-mail from being spoofed if you use it
in public, so you should really keep at least two e-mail addresses,
one you use in public and one you use for private use and things like
e-commerce.
-----------------------
To change your mail settings or leave the C-PALSY list, go here:
http://listserv.icors.org/SCRIPTS/WA-ICORS.EXE?SUBED1=c-palsy
|
|
|