Correct, it is easy to forge email. There are some moderately successful ways to help people and spam filters detect forged email and verify email that was sent from an authorized server, in particular SPF and DKIM can help confirm that email originated from your SMTP server and has your DKIM authorized signature, and are easy to configure for individuals or small organizations. Some spoofed email occurs because your personal accounts and computers have been compromised; this is a particular problem in that you actually send email to your personal address book, and typically, the emails you send have links that can replicate the infection, or informs your trusted friends you have lost your credit card and passport and need you to wire them money. Other hacks just steal your email lists and continue to email to them from your email. In both cases, these spoofs are more serious because they target your personal trust networks, and prevention requires you to be careful what you click on in received emails and how you browse the web, and what programs or plugins you install. As well, you need secure passwords, and should be careful from where you log in, and should use secured connections to your mail servers. This stuff is where you do have responsibility for protecting your own identity and where the consequences of failing fall most on your personal trust relationships. Charlie -----Original Message----- From: hidden-discuss-bounces at lists.hidden-tech.net [mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of Rich Roth Sent: Thursday, December 11, 2014 10:10 AM To: shel at principledprofit.com; Dede Cc: Hidden-Tech Tech Subject: Re: [Hidden-tech] new spam call technique? Shel and others, I need to clarify for all that forging an email address requires (almost) NO technical skill, unlike faking a caller ID. Doing that, at a minimum, requires interfacing with the phone system, although it seems easier now that VOIP services are more common, at least it is actually illegal in many cases. In contrast, forging an email address is so simple, because there is no verification of the from address in the underlying SMTP (simple mail transfer protocol) used to send email, and available on any internet connected system. Any 'From address' validation you may see is done by the user program (MUA) that you are running, not the transfer program (MTA). For those interested, look up RFC 821 (dated Aug 1982) and subsequent IETF RFC's On 12/10/2014 10:35 PM, shel at principledprofit.com wrote: > Yup. Been happening for about eight onths, not very frequently, > fortunateoy. And spammers have been forging my name and sometimes one > of my e-addresses for years. Very frustating and annoyijng but <i have > not found a way to shut them down. > > -- Rich Roth Webmaster/Steering Committee Member Hidden-tech http://www.hidden-tech.net The Talent you need is right here, Join and share your skills ((Sponsored by Thrives Media)) http://www.thrivesmedia.com http://www.welovemuseums.com _______________________________________________ Hidden-discuss mailing list - home page: http://www.hidden-tech.net Hidden-discuss at lists.hidden-tech.net You are receiving this because you are on the Hidden-Tech Discussion list. If you would like to change your list preferences, Go to the Members page on the Hidden Tech Web site. http://www.hidden-tech.net/members