Email Spoofing

[SMS]

I'm usually pretty tight with my password complexity and not entering crap on suspect websites (other than OSA, which is suspect enough), but my hotmail account recently got spoofed.

My wife and others have received at least one email that looks like it came from me, until you look at the detail which reveals it has actually come from a completely different address.

Anyway to stop the spoofing?

 

[vvvvvvv]

Not at the user level that I'm aware of.

The email host can check if the server that it was sent from is in that domain's authorized list, but that's about it.

You could try looking up who owns the C block of the IP it was sent from and notify the abuse contact there, but that doesn't always help, and it's also somewhat easy to spoof IP addresses.

Email is very easy to spoof. You don't even need special tools. I'm surprised that businesses still use it for "secure" communication without any form of signing or encryption.

Want passwords to a company's accounting database? Send an email to someone in the accounting office from an address like techsupport@ or [email protected]. It works alarmingly often.

I used to have a tshirt that said "There is no patch for human stupidity".

Sent from my SCH-I535 using Tapatalk 2

 

[dennishoddy]

Its easy. Change your password.

I've been hacked twice, and went all over the internet looking for a solution. All of my contacts were getting Viagra emails. You wouldn't believe what comments I got. LOL..

Finally changed the password on the first one, and it went away for a year or so. Finally got hacked again, and changed it again a couple of months ago. Problem solved.

 

[SoonerP226]

Yep; spoofing email is trivial. If you can find an open relay, you can do it with nothing more than a telnet client and a rudimentary understanding of how SMTP works--it's entirely text-based and uses standardized commands and formats.

 

[SoonerP226]

Its easy. Change your password.

They didn't get access to his account, they spoofed (i.e, forged) his email address in a message sent from another location entirely. As Veg noted, there's basically nothing that you, as a user, can do about it.

 

[348]

You had me at ehlo.

 

[dennishoddy]

They didn't get access to his account, they spoofed (i.e, forged) his email address in a message sent from another location entirely. As Veg noted, there's basically nothing that you, as a user, can do about it.

Ok, different deal then.

Never hurts to change your password on occasion though!

 

[TwoForFlinching]

Extremely long passwords mixed up with upper/lower case letters and numbers. I haven't been hacked since I changed my email/various other important passwords to a 28 character jumble of uncomprehending letters/numbers... I also started putting the name of the website in front of a letter/number mix as the password too. Haven't been hacked in a decade or so. I still leave the simple pass on the lesser important sites I frequent. I wouldn't expect anyone would want to hack a chive account to just leave less creative and more tasteful comments about boobs.

 

[dennishoddy]

I use words not in the dictionary.

 

[vvvvvvv]

I use words not in the dictionary.

Do you tell your browser to save your password?