Changes between Initial Version and Version 1 of faq/email/address-hijacked


Ignore:
Timestamp:
Oct 30, 2007, 1:20:56 PM (14 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • faq/email/address-hijacked

    v1 v1  
     1== Help! My Email Address has been hijacked ==
     2
     3Often a friend or colleague will email us a message that seems to have been sent from us, but that we didn't send. Other times, we get a bounce, that seems to indicate that we sent a message to a non-working email address, however, we didn't send the original message.
     4
     5This common occurrence happens because the email system in place on the Internet does not verify the from address. So, we can send email messages from any address we choose simply by telling our email program to use a different address in our from field (anyone with Thunderbird/Icedove can add an arbitrary from address by clicking on the "Manage identities" button in your account settings). Try it - it's fun! You can send a message to your friends from george.bush@whitehouse.gov or che@revolution.org.
     6
     7Other people on the Internet do not necessarily do this trick for fun. More often, it is done by spammers and virus writers to convince you to open the message. If a message comes from a familiar looking from address, you might be more likely to open it. Virus writes have used the trick to great effect. If you're friend's computer is compromised, the virus might check the address book and try to re-send itself to everyone in the address book in an email from your friend.
     8
     9The bottom line is: there's nothing we can do to stop someone from sending a message from your email address.
     10
     11Along with the bottom line comes another one: you should never believe a message came from someone just because their email address is in the from line!
     12
     13A more effective method for ensuring that the email you are receiving comes from the person you think they are, is to use Gnu Privacy Guard.
     14
     15There's a decent introduction to the concept here:
     16
     17http://aplawrence.com/Basics/gpg.html
     18
     19The examples all used the command line - but that's not necessary! If you are using the [http://www.mozilla.com/en-US/thunderbird/ Thunderbird/Icedove] email program, you can get started with GnuPG with [http://www.linuxjournal.com/article/8578 this tutorial].