Email spoofing describes the practice of an email sender changing the information in an email's header so it reports a different originating email address than the address from which it was actually sent. Because spoofing email is not difficult to do, the average email user will encounter email spoofing on a regular basis. While some users spoof an email address for legitimate reasons like replying to business email from a personal mailbox, the practice is usually used in spamming and email scams. Email spoofing can be used to steal personal information or to confuse a user into downloading a virus.
Spoofing makes an email look like it came from somewhere it did not, and the process is almost as easy as writing the wrong return address on a piece of mail. The standard used for sending Internet email, called Simple Mail Transfer Protocol (SMTP), allows a user to write in any correctly formatted email address they want. An email's originating address does not have to match the sending address to go through an SMTP system. Spoofed emails are usually sent by robot programs designed to send mass spoofed emails.
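Because the displayed originating address need not match the address a message was actually sent from, a received message can be checked for that mismatch. The following is an added example, not part of the original article: the sample messages are constructed, the example.* domains are placeholders, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
From: "Example Bank" <support@bank.example.com>
Reply-To: collect@other.example.org
To: user@example.org
Subject: Account notice

Body
"""

ALIGNED = """\
Return-Path: <alice@example.com>
From: Alice <alice@example.com>
To: user@example.org
Subject: Lunch

Body
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message):
    """List mismatches between the displayed From address and the
    envelope sender (Return-Path) or the Reply-To address."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    if not from_dom:
        return ["From header missing or has no address"]
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        # An absent or empty header (e.g. a null Return-Path) is not a mismatch.
        if other and other != from_dom:
            findings.append(f"{header} domain {other} != From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("aligned", ALIGNED)):
        print(name, spoofing_indicators(raw))
```

A mismatch is an indicator to investigate rather than proof of fraud, since legitimate senders such as mailing lists and bulk-mail services also send with a different envelope address.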
Many scams use the email spoofing capabilities of SMTP. Email spoofing can be used to fool a user into opening a virus attachment in an email that appears to be from a friend. Companies that send spam emails often spoof the email address to avoid the legal problems associated with breaking federal and local anti-spam laws. Sending a falsified email header or an email with a subject line designed to trick the email user is illegal in the United States.
One of the most serious types of email scams associated with spoofing is phishing. Phishing occurs when an email sender makes an email appear to be from a legitimate source in order to gather information like usernames, passwords, credit card information, and other private data. Emails designed to mislead email users into inputting private data often look almost exactly like real emails sent from the company, down to the appearance of the company website and the of the company email and logo. These scam emails are usually made to look like a commonly used company or service like a bank, credit card company, or online florist. Though most phishing emails are sent out at random to any email address the spammers were able to gather, some spammers target specific groups of web users whose email contact information may have been accidentally breached or sold by a company that legitimately collected the email address.