Email spoofing explained: Who does it and how?

By GIXnews

Email spoofing definition

Email spoofing is forging email so it looks like it came from someone it didn’t. I learned to spoof email in the fall of 1993 during my sophomore year at Northwestern. An upperclassman in my dorm showed me. At that time, we read our email by telnetting into the campus mainframe and then using elm, the precursor to Mutt.

“Look,” he said, “you just change the ‘From’ header to whatever you like. Don’t–don’t–ever do this for real or we’ll both get in trouble.” I never did.


For several decades, email spoofing was that easy, and only in recent years have security mitigations for this problem been tacked on as an afterthought. Kludges like SPF, DKIM and DMARC make email spoofing harder than it used to be, but these band-aids are not universally applied, and workarounds remain that let scammers, spammers and phishers keep spoofing.


Source: IT news – Security