Skip to main content

Email Spoofing

email spoofing
16 Oct 2014

What is Email Spoofing and How Can I Stop it?

Perhaps you’ve heard of spoofing attacks, but don’t know what the expression means, or how these particular attacks put your business at risk.

Spoofing is actually pretty simple to understand and prepare for, once you’ve taken the time to learn a little bit about them. Spoofing attacks aren’t actually a particular type of attack; instead, “spoofing” is a catch-all term used to describe any web attack that involves an attacker impersonating a device or user in order to cause harm to a network.

The motives behind spoofing attacks can vary greatly, so an organization generally has to be prepared for anything. Some attackers are looking to interrupt legitimate web traffic for a certain organization, as in the case of a denial of service attack. Others are looking to steal sensitive data that they can use to commit identity theft and other crimes. And some attackers may even be motivated purely by sport, launching a spoof attack just to prove they can.

No matter what the reason behind an attack, all email spoofing can generally be broken up into one of three different categories, based on the methodologies used:

  • IP address spoofing: In IP address spoofing, the attacker attempts to send IP packets from a spoofed IP address. By assuming a different IP address, they can flood a network with what seems to be traffic from legitimate users, thereby preventing actual legitimate users from getting through. These attacks depend on “trust relationships”, where a user’s identity is determined by IP address rather than user logins.
  • ARP address spoofing: An address resolution protocol (ARP) is used to pair IP addresses with MAC addresses. In an ARP address spoof, the attacker pairs their own MAC address with the IP address of a legitimate network user, causing data that is meant for that legitimate user to go to the attacker instead. These attacks are often used to steal or tamper with data.
  • DNS spoofing: A domain name system (DNS) is used to associate domain names that can be read by humans with their corresponding IP addresses. In a DNS spoof, the attacker changes a domain to associate it with a different IP address, often an IP address controlled by the attacker. This type of attack is often used to spread viruses and other malware.

To protect your organization from spoofing attacks, there are a number of steps you should take.

First, remove trust relationships from your network. Requiring a stronger form of authentication can help shut down many spoofing attacks before they begin.

Next, use packet filtering. This technology has the ability to detect and filter out malicious packets, allowing legitimate web traffic through with no interruption.

Finally, consider spoofing detection software. A good software solution can inspect data and remove anything that appears to be spoofed, making it especially effective against an ARP attack.

If you have any questions about email marketing please contact Zero Gravity Marketing.