FW: [WEB4LIB] Spoofing e-mail addresses

Thomas Edelblute tedelblu at usiu.edu
Wed Oct 14 14:56:29 EDT 1998


If you truly want to be anonymous, or if you want to impersonate someone
else, you can easily spoof an e-mail from a UNIX prompt. I will not post
the commands for doing this, but from a UNIX prompt, I can create a
bogus e-mail address and UNIX will not check to see if this is a real
domain. In fact, UNIX is very polite in saying "Thank You" for doing
this.  I can then type my e-mail message and send it out.  If I am using
a bogus e-mail address, any replies sent out will bounce back because
the e-mail address I supposedly sent it from does not exist.

Now lets say I use this to impersonate the University President. Another
great feature of using UNIX in this way is there is no possible way to
trace the e-mail back to its sender. So did the University President
send it out, or someone trying to hurt the University?  No one will
every be able to prove it one way or the other.

Something to think about when looking at computer security.

Thomas Edelblute
United States International University
or is it?

-----Original Message-----
From: Ron Ashley [mailto:wizpop at hotmail.com] 
Sent: Wednesday, October 14, 1998 11:05 AM
To: Multiple recipients of list
Subject: [WEB4LIB] Re: E-mail in libraries


So.. Just for fun.. This comes to you all via hotmail. If I chose to 
flame/dis/rage on at you, could you tell who I am?

I only just today joined hotmail, and from there subscribed to web4lib. 
I have posted to web4lib before, under a real name.

I think I will probably adopt a 'both worlds' approach.... I will 
disallow hotmail, botmail, freemail, etc, but allow registered users 
telnet access to their campus mail accounts.

>From there, they are accountable for their e-mail.

>From here, I don't think I can be made to be.

I don't mean this to be a challenge... just a demonstration of the power

of anonymity.. Since I did it all from my personal workstation, I 
*might* be traceable by IP address. If I'd gone out to the floor, I 
don't think anyone could track me.





______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.webjunction.org/wjlists/web4lib/attachments/19981014/6fe3641c/attachment.htm


More information about the Web4lib mailing list