Beware of e-mail forgery


Tip
Last winter the editor of a computer magazine received a barrage of nasty e-mail messages, seemingly from me and other magazine editors. After a flurry of alarmed phone calls between network mail administrators at the magazines concerned, we traced the messages to an unknown hacker from an address in Buenos Aires. The hacker had broken into the mail servers of various magazines and sent forged e-mail messages to editors at other magazines.
Since journalists are often insulted by other journalists, most recipients of these forgeries only shrugged wearily.
The phenomenon is called "e-mail spoofing", and most e-mail systems are vulnerable to it. Even a mail server nestled behind a firewall can fall victim to a prankster who sends employees forged mail that looks like it came from other employees or companies.
The problem is most prevalent in secondary schools. Youngsters soon learn that they can use their new Internet connection to send e-mail to other students -- and make it look like it was written by a teacher or the principal.
In an education mailing list, a school administrator described how a student used his parents' Internet account to send harassing e-mail to a former teacher. By shipping it out on the Internet and redirecting it, this resourceful teen made it appear as if the mail originated from inside his school.
Is there any way to protect your mail server from pranksters? Unfortunately, no, because of weaknesses in the SMTP mail protocol. Until technology catches up to the wiles of sociopaths, you'll just have to discount as juvenile pranks all messages that don't make sense. Especially if they're from me.
- Judy Heim

Category: Internet
Issue: Mar 1997
Pages: 192

These Web pages are produced by Australian PC World © 1997 IDG Communications