[PCWorld]

Post your comments for Minimize Your Exposure to Email Spoofing here

[ShadowDragon2086]

or use googles 2-step sign in and be done with it

[GraysonPeddie]

ShadowDragon2086, on 05 April 2012 - 08:19 PM, said:

or use googles 2-step sign in and be done with it

How does that help minimize spoofing? Limiting exposure and not using Live Mail, Yahoo Mail, GMail, and/or any other free e-mail services as your personal e-mail account can help minimize e-mail harvesting and spoofing/forgery. I would just use my custom domain name for e-mail.

[BulldogXX]

ShadowDragon2086, on 05 April 2012 - 08:19 PM, said:

or use googles 2-step sign in and be done with it

It's not a matter of how you sign in. A spammer doesn't need to sign in to your account to obtain your address or to use it.

The article is correct: You cannot prevent your address from being spoofed. You can only reduce the chances that it will happen. Once your address is spoofed, kiss it goodbye. You can never stop it from being abused.

[richpond]

Compromised, or spoofed? Here's a significant point. The article mentions this:

"The tactic can also increase the spam message's seeming legitimacy: You're more likely to open email that purports to come from a person or a company you know than email that comes from a total stranger."

Why are the spam messages going to people who know you? If a spammer only gets your e-mail address, and sends 'spoof' messages that seem to come from you, those spam messages go all over the place. They are not particularly sent to people you know. But if your own account or computer is compromised, the spammer will have not only your address to use as the 'from' address, but also names and addresses of people in your e-mail account to use for spam targets.

So if many people you know are getting messages that seem to come from you, someone may have your entire address book. That is more likely to signify that there's a real compromise rather than just a case of someone finding your own name and address for spoofing.

[MLStrand56]

I have several E-mail addresses. My private E-ddress is ONLY to send/receive E-mails from my friends. I have another E-ddress that I use anytime I have to leave an E-ddress on a website. My last E-ddress is for E-bay ONLY.

MLStrand56

[ZipFolder]

Totally agree, just be careful

[TheOldTopkick]

richpond, on 06 April 2012 - 10:31 AM, said:

Compromised, or spoofed? Here's a significant point. The article mentions this:

"The tactic can also increase the spam message's seeming legitimacy: You're more likely to open email that purports to come from a person or a company you know than email that comes from a total stranger."

Why are the spam messages going to people who know you? If a spammer only gets your e-mail address, and sends 'spoof' messages that seem to come from you, those spam messages go all over the place. They are not particularly sent to people you know. But if your own account or computer is compromised, the spammer will have not only your address to use as the 'from' address, but also names and addresses of people in your e-mail account to use for spam targets.

So if many people you know are getting messages that seem to come from you, someone may have your entire address book. That is more likely to signify that there's a real compromise rather than just a case of someone finding your own name and address for spoofing.

I agree but it is still hard to tell which is which. I received two from my daughter and one from my brother with a different message. I opened only the first one and it took me to a "how to make money at home" site. I finally blocked the domain of the sender in each case.

[0004673968]

I have seen e-mails with hundreds of emails displayed in them. Why? It is because senders are too lazy to clean off previous emails before forwarding. Those eMails are a hacker's delite.

[RMAM2011]

ShadowDragon2086, on 05 April 2012 - 08:19 PM, said:

or use googles 2-step sign in and be done with it

The 2-step sign in has nothing to do with spoofing email headers. That is intended to lower the effectiveness of keyloggers and other mechanisms that "steal" your password as you enter them.

[YEPYTZME]

When answering a site that requires your e-mail address, use "bspamfree.org". Go to that site, no registering, no names, nobody knows who or where you are. FREE.

[fastbullet]

0004673968, on 10 April 2012 - 05:12 AM, said:

I have seen e-mails with hundreds of emails displayed in them. Why? It is because senders are too lazy to clean off previous emails before forwarding. Those eMails are a hacker's delite.

I absolutely agree and my own sister was one of these lazy, stupid people who, even after I thoroughly explained the dangers, continued this practice. Everyone should make it a point to delete any addresses that arrive on an email before forwarding it.

The other thing everyone should have sense enough to do is use BCC and NOT CC to send email to multiple recipients-ESPECIALLY when the recipients do not know one another. The entire purpose of BCC is to BLIND recipients to anyone else's address.

This post has been edited by fastbullet: 11 April 2012 - 02:39 PM

[moe295]

A friend of mine just had this happen to him last week. He has an older SBC email account hosted by Yahoo. He was able to contact AT&T and they made a change to the SPF, which seems to have fixed the problem for now.

[Michael0ij2]

richpond, on 06 April 2012 - 10:31 AM, said:

Compromised, or spoofed? Here's a significant point. The article mentions this:

"The tactic can also increase the spam message's seeming legitimacy: You're more likely to open email that purports to come from a person or a company you know than email that comes from a total stranger."

Why are the spam messages going to people who know you? If a spammer only gets your e-mail address, and sends 'spoof' messages that seem to come from you, those spam messages go all over the place. They are not particularly sent to people you know. But if your own account or computer is compromised, the spammer will have not only your address to use as the 'from' address, but also names and addresses of people in your e-mail account to use for spam targets.

So if many people you know are getting messages that seem to come from you, someone may have your entire address book. That is more likely to signify that there's a real compromise rather than just a case of someone finding your own name and address for spoofing.

Richpond makes a very good point: spoofing doesn't give spammers access to your address book; it just uses your email address to send junk. If the junk goes to a bunch of your friends, it's probably not a case of spoofing, but more likely a hacked email account. If it's not hacked, the spammer doesn't have your friends' email addresses.

PCWorld could have done a much better job with this article by making it clearer. As written, it's not very informative.