Email Headers Spoofed/Forged?
As with any other email service on the Internet, spam (unsolicited commercial email) is affecting IEEE members using the IEEE e-mail alias service. As spam (junk or unsolicited e-mail) continues to increase, IEEE members and staff are seeing that the To: and From: email header fields on some of their messages are being changed (or spoofed).
Spammers and worms/viruses are capable of sending email messages to an email recipient where the From: address appears to be someone the email recipient knows, or someone appearing to be sending the message from a server within the IEEE domain (e.g., somebody@ieee.org). The reality is that these messages are originating from unknown locations on the Internet. Spammers and worms/viruses can also change the To: address and in some cases do not even include the To: address in their messages.
The purpose of this document is to explain how the email headers can be changed (or spoofed).
Envelope Address vs. Message Header Address
Email messages contain two sets of addresses: the envelope addresses and the message header addresses. The U.S. Mail service offers a useful analogy for the distinction between the envelope address and the message header address.
To send a letter via U.S. Mail, the sender needs an envelope, the address information of the intended recipient, and the content (e.g. a letter) that will be mailed to the recipient. The sender prints the address of the intended recipient on the envelope, but the recipient address often also appears in the text of the letter or contents inside the envelope. The recipient's address printed on the envelope is what allows the letter to be delivered to the recipient (not the address printed on the letter inside the envelope). In fact, the recipient's address in the letter can be totally different from the recipient's address printed on the envelope, and the letter would still be delivered. The same applies to the sender's address, since it appears both on the envelope and on the letter inside the envelope.
Like U.S. Mail, electronic mail (email) has two sets of addresses. Email has an envelope address that is used to actually deliver email to the correct person. Email users do not see this envelope address information when email messages are received, even if they look at the full headers. The email envelope address is used by the email servers for the delivery of email into individual email accounts.
Just as there is an address as part of the text of a letter inside a U.S. Mail envelope, email has a second set of addresses in the header of the email message. These are the addresses that email users normally see in the To: and From: headers of an email message. Similar to the U.S. Mail example, these addresses are not required to be correct for the message to be delivered. In fact, email senders can set these addresses to anything they want.
The email envelope addresses used during the delivery process and the addresses in the message header do not need to match.
The email addresses next to the "To:" and "From:" headers on spam messages are usually meaningless.
In a Nutshell
- The email ENVELOPE address needs to be a real email
address because this address is used to deliver email to a recipient.
- The addresses in the message HEADERS (To: and From:) can
be spoofed because they are not used by the email delivery process.
- When reading an email message, users can view the
addresses in the message HEADERS (To: and From:), but are unable to see the ENVELOPE
addresses.
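
The envelope/header distinction described above, as an added Python example (not part of the original IEEE page): it models what a receiving mail server sees, treating the SMTP MAIL FROM and RCPT TO commands as the envelope, and compares them with the From:/To: headers. The session text and every address in it are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: what a receiving mail server sees for one message.
# All addresses below are made up for illustration.
SESSION = """\
MAIL FROM:<bulk-7731@mailer.example.net>
RCPT TO:<member@ieee.org>
DATA
From: "A Colleague" <somebody@ieee.org>
To: undisclosed-list@example.com
Subject: Quarterly report

Please see the attached file.
.
"""

def split_session(session):
    """Separate the envelope (SMTP commands) from the message (after DATA)."""
    commands, _, message = session.partition("\nDATA\n")
    sender = re.search(r"^MAIL FROM:<([^>]*)>", commands, re.I | re.M)
    rcpts = re.findall(r"^RCPT TO:<([^>]*)>", commands, re.I | re.M)
    envelope = {"from": sender.group(1).lower() if sender else "",
                "to": [r.lower() for r in rcpts]}
    return envelope, message_from_string(message)

def compare(session):
    """Report where the header addresses disagree with the envelope."""
    envelope, msg = split_session(session)
    hdr_from = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    hdr_to = [a.lower() for _, a in
              getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    return {
        "delivered_to": envelope["to"],   # delivery uses the envelope only
        "header_from": hdr_from,          # what the reader is shown
        "header_to": hdr_to,
        "from_mismatch": envelope["from"] not in hdr_from,
        "rcpt_not_in_headers": [r for r in envelope["to"] if r not in hdr_to],
    }

if __name__ == "__main__":
    for key, value in compare(SESSION).items():
        print(f"{key}: {value}")
```

A mismatch on its own is not proof of spoofing, since mailing lists and blind-copied recipients produce the same pattern in legitimate mail.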