Ask Your Question
1

Why can i send emails with false sender assigned?

asked 2020-03-27 09:37:09 +0100

gancheva@in.tum.de gravatar image
rbg

The following questions occur often:

  • I have found out that on email platforms such as Webmail / Thunderbird / Outlook / Apple Mail I can enter another sender, without knowing the password! I can even use the address of a professor! (or: I am a professor, can others send to my address ???)

  • I receive spam emails from colleagues or from my own address as the sender. How is that possible?!

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted
1

answered 2020-03-27 09:49:19 +0100

gancheva@in.tum.de gravatar image
rbg

You can get certificates from the RBG to send signed emails. With signed mails, the recipient can be sure that the sender is the right one.

Without such signatures, it is basically impossible to prohibit the forgery of sender-identities. This is because of how email works.

  • Mails that come in from outside can basically have any sender. They come in from external servers that are not under our control, and it is up to the external servers to determine which sender address they provide. Because spammers have been exploiting this for a long time, various mechanisms have been developed to identify fake senders as spam. As with spam detection, the result is not absolute, it only indicates the probability that a mail is spam.
    • Mails from within our network are accepted by our SMTP servers without requiring a password. This means that even if we introduce complex measures in webmail to avoid fake senders, you could still send it directly to the SMTP server. We will probably not change that either, because otherwise, the chairs would no longer be able to operate their own mail servers or other auto mailer systems, which they like and do a lot.

The possibility of fake emails is well known and can also be read on Wikipedia: Email Spoofing

In addition, the user can select, which sender is used when sending emails in his mail client, e.g. in Thunderbird under Account Settings under "Default Identity" or under "Manage Identities". You can also set up several different sender identities that are used on a case-by-case basis. This is often used by users of our Project IDs. Of course, you have to make sure that you do not make a mistake when setting the sender, because - as described above - no one checks whether the sender is correct.

edit flag offensive delete publish link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-03-27 09:37:09 +0100

Seen: 7 times

Last updated: Mar 27 '20