Check email header information for signs of spoofing

By December 3, 2018Email, Security, Tech Tip
Email Spoofing

Think about this scenario: A friend tells you that they received a message from your email address that wasn’t really sent from you. They think you’ve been hacked and your account is sending malicious emails to friends. How do you know if your email address account has been compromised, or if this malicious attempt is just spoofing your email address?

Email “spoofing” means that an attacker is impersonating you by pretending to send an email from your account. The recipient of the email will see your email… but if you dig deeper into the email message’s contents, you can often see whether the email was truly sent from your account or only made to appear so.

This type of impersonation is possible because email messages can show a difference between “display” information and the actual information embedded in what’s called the “email header”. Spoofing is an attempt to forge the email header, taking advantage of email protocols’ lack of authentication.

How do you view an email header or the “original message”?

  • In Gmail, while viewing the email, click the More icon (three vertical dots) at the top right and select “Show original” from the list.
  • In Outlook, open the email, then go to File > Properties and look in the Internet headers

If the authenticated sender, or “from” address, in the email’s properties matches your email address, then your account was compromised. But if the sender’s email address in the properties isn’t your address, then it may have simply “spoofed” your email while actually sending from a different account.

It always pays to check email message discrepancies. Keep an eye out for display names and “from” addresses that don’t seem to match each other, or don’t match the original message properties.


Recent Posts / View All Posts

Confessions of an IT Professional Series

Confessions of an IT Professional – Part 2 – Data Backups

| Security | No Comments
This week's article is the second in a series by OXEN's own Terry Allen, one of our technical engineers based in Joplin, MO. Part 1 is here. This post originally...
Email Spoofing

Check email header information for signs of spoofing

| Email, Security, Tech Tip | No Comments
Think about this scenario: A friend tells you that they received a message from your email address that wasn’t really sent from you. They think you’ve been hacked and your...
White Industrial Seismology

Solid Cloud-Based Solutions for White Industrial Seismology

| Testimonials | No Comments
Since 2003, OXEN Technology has worked with White Industrial Seismology to meet their business technology needs. White has provided state-of-the-art vibration monitoring equipment and data analysis services since it was...

Leave a Reply