Email spoofing 101 by Matteo Cosentino

February 8, 2022

Email spoofing is a technique mostly linked to malicious activities including phishing and spamming. From a formal(ish) standpoint, email spoofing is the act of sending an email with a forged sender address.

I got interested in this technique in the last few days, so I decided to experiment a bit with it.

Email spoofing basics

This technique is as old as emails are, in fact original transmission protocols (such as SMTP) don’t have authentication methods, and while security measures have been adopted these are not widely employed yet.

An email is composed of three different parts:

  • Envelope: data about sender and receiver addresses. This part of message is destined to the server, it’s generally not shown to the user by the client.
  • Header: meta-data of the email. Contains information like the subject of the email, the date and some info about sending/receiving addresses.
  • Body: the content of the email.

To get a bit more into details, the SMTP protocol specify two addresses in the envelope addressing part of the message:

  • MAIL FROM: it specifies the “return address” in case an email bounces.
  • RCPT TO: address to which the email will be delivered.

Other headers are often present, this set of information represent what the receiver will see when reading the email inside of a client.....

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023