How spammers make you think you’ve been compromised
With spam email now accounting for more than 75% of the world’s e-mail, we get asked about the following situation on a weekly basis:
You received an email today which concerned you. It purported to come from somebody inside your very own yourCompany.com domain. Rest assured, there's a 99.9% probability that it did not.
Email addresses are very easy to fake in the visible body of an email. What a sender cannot fake is the IP address that your receiving mail server recorded when the message was handed to it; you will find it in the normally invisible 'headers' of the email, in the Received: lines (only the Received: line written by your own server, or by servers after it, is trustworthy; earlier ones can be typed in by the sender). Your mail account's public IP address is 194.116.161.xx, so if the mail had really come from somebody using the "yourCompany" mail server it would have had this IP address in the headers.
Search your mail client’s documentation to find out how to display the headers of an email. In webmail, when reading an email, you simply click the icon that says "Full Headers" when you hover your mouse over it.
Looking at the headers of the original email that prompted this document, we could tell the client that it came from an account belonging to Charter.com, an ISP based in the USA. The IP address of the sender was given as 126.96.36.199, which resolves to "68-118-185-78.dhcp.nwtn.ct.charter.com".
As soon as the spammers are found out they move on to another ISP. It is bothersome for both you, the client, and us, the ISP, but there are no real security issues for you, our clients, to worry about. The only time this should concern you is if the sender's IP address is the same as your own mail server's IP address: then the email really is being sent either from within your own organisation or from an organisation hosted by us on the same mail server. However, these cases are extremely rare.
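The check described above (find the Received: line written by your own mail server, read the connecting IP from it, and compare it with the server's address) can be automated. The following is an added example and not part of the original document; the message, the host name mail.yourcompany.com, the server address 194.116.161.10 (standing in for the page's 194.116.161.xx) and the sender address 203.0.113.45 are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message whose From: claims to be inside yourcompany.com
# but which our server received from an outside address (203.0.113.45).
SPOOFED_EMAIL = """\
Received: from mail.yourcompany.com (mail.yourcompany.com [194.116.161.10])
\tby mailstore.example-isp.net with ESMTP id abc123; Mon, 1 Jan 2007 09:00:00 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby mail.yourcompany.com with SMTP; Mon, 1 Jan 2007 08:59:50 +0000
From: "Accounts" <accounts@yourcompany.com>
To: user@yourcompany.com
Subject: Urgent invoice

Please open the attachment.
"""

# Constructed sample: the same message, but handed to our server by our own
# webmail host, so the recorded IP is the server's own address.
INTERNAL_EMAIL = SPOOFED_EMAIL.replace(
    "from [203.0.113.45] (unknown [203.0.113.45])",
    "from webmail.yourcompany.com (webmail.yourcompany.com [194.116.161.10])",
)

# "from <helo> (<reverse-dns> [<ip>]) by <host>" as most MTAs write it.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def originating_ip(raw_message, our_host):
    """Return the IP that our own server saw connecting to it, or None.

    Received: lines are prepended by each hop, so the topmost line is the
    latest. We walk down to the first line written *by* our server; the
    address in its parenthesised part was recorded by our server itself and
    cannot have been typed in by the sender. Lines below it are untrusted.
    """
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m or m.group("by").lower().rstrip(".") != our_host.lower():
            continue
        ip = IP_RE.search(m.group("paren") or "")
        return ip.group(1) if ip else None
    return None


def classify(raw_message, our_host, our_ips, our_domain):
    """Classify a message as external, internal, spoofed or unknown.

    A From: address in our domain is only believed when the connecting IP
    recorded by our server is one of our own addresses.
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    ip = originating_ip(raw_message, our_host)
    if from_domain != our_domain.lower():
        return "external", ip      # not claiming to be one of ours
    if ip is None:
        return "unknown", ip       # our server's Received: line not found
    if ip in our_ips:
        return "internal", ip      # genuinely sent via our own server
    return "spoofed", ip           # claims to be ours, came from elsewhere


if __name__ == "__main__":
    for name, raw in (("spoofed sample", SPOOFED_EMAIL), ("internal sample", INTERNAL_EMAIL)):
        verdict, ip = classify(raw, "mail.yourcompany.com", {"194.116.161.10"}, "yourcompany.com")
        print(f"{name}: {verdict} (connecting IP {ip})")
```

The rule is deliberately conservative: anything the script cannot trace to a Received: line written by your own server is reported as unknown rather than internal, so a message only counts as genuinely internal when the address your server recorded is the server's own.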
The easiest way to explain this is that when you send somebody an envelope in the post you normally put your own address on the back, so people know it's from you. But you could just as easily put my name on the back and people would think it was from me. It's that easy! With e-mail it is similar but not the same. At first glance the principles appear to be the same, but envelopes do not carry IP addresses, and that is why email is far more difficult to spoof convincingly than traditional post. It just looks like it has been!
Read this to get an idea of where we are in the fight against spam!