Scam emails allowed from edited sender addresses. No security?
Can I receive emails with a false sender name? Could a legitimate sender name be used to fool me into opening email/attachment? I received 2 emails with attachments from myself which I didn't send!
All Replies (2)
This is a common practice of spam mailers.
If you can think of a way to prevent this, then I think you could become very rich quite quickly. Email was designed in a gentler age where it was initially something of a plaything used between academics on university networks. They didn't foresee any need to be able to validate the sender.
You could in theory travel around the world with your own computer, or you might use other people's computers, and you would be able to send email messages as yourself from multiple locations. How could any email client know how to judge if any of these were either valid or invalid?
The best answer I can come up with is to use encryption and signing, e.g. GPG or S/MIME (and even this isn't absolutely bombproof). But few people seem willing to embrace the idea of digital signatures and key pairs, or to use the tools necessary to encrypt and decrypt messages and validate signatures.
In Thunderbird, a useful add-on is one that shows the "hops" taken by an email message, usually with a flag to indicate the country of origin. Whilst these details can also be spoofed to some extent, it's rare for the actual country of origin to be totally obfuscated. When I see a message purporting to be from my British bank that has, say, a Brazilian flag against it, then it's highly unlikely to be genuine.
https://addons.mozilla.org/en-US/thunderbird/addon/mailhops/
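The "hops" mentioned in the reply above come from the `Received:` headers, which each mail server prepends as it handles the message. This added example (not part of the thread and not MailHops code) parses them and picks out the last hop written by a server you trust, since everything below that line is sender-supplied and may be forged. The message, host names, addresses and `TRUSTED_BY` are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic); newest Received line is on top.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123;
\tTue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.com (unknown [203.0.113.45])
\tby mx.example.net with ESMTP id def456;
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from [192.168.1.20] (helo=pc)
\tby relay.example.com with SMTP id ghi789;
\tTue, 02 Jan 2024 10:00:01 +0000
From: "Me" <me@example.org>
To: me@example.org
Subject: Invoice attached

body
"""

# Assumption: servers run by your own mail provider, whose headers you trust.
TRUSTED_BY = {"inbox.example.org"}
PATTERNS = {"from": r"\bfrom\s+(\S+)", "ip": r"\[([0-9A-Fa-f:.]+)\]",
            "by": r"\bby\s+(\S+)"}

def parse_hops(raw):
    """Return one dict per Received header, in header order (newest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        hop = {}
        for key, pattern in PATTERNS.items():
            m = re.search(pattern, flat)
            hop[key] = m.group(1) if m else None
        hops.append(hop)
    return hops

def boundary_hop(hops, trusted=TRUSTED_BY):
    """Last hop written by a trusted server, walking down from the top."""
    last = None
    for hop in hops:
        if hop["by"] not in trusted:
            break  # from here down, the lines were supplied by the sender side
        last = hop
    return last

def from_matches_recipient(raw):
    """True when From and To carry the same address (mail 'from myself')."""
    msg = message_from_string(raw)
    return parseaddr(msg["From"])[1].lower() == parseaddr(msg["To"])[1].lower()
```

The `ip` of the hop returned by `boundary_hop` is the address that actually connected to your provider, so it is the one worth checking against a geolocation or reputation source.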