Spoofing email is rather simple. I can do it myself just using Linux and Sendmail. Now, if somebody is really paying attention, they can detect this by looking at all the headers. And it is even possible to get around this, if the hacker can connect to the receipt ant's ISP using the SMTP port. I know that my ISP blocks all outgoing connections on the SMTP port, unless it is to their email server. So the only way to really do it is to crack the user's email provider's email server. How difficult that is depends on the expertise of the email server's admins. I would guess that, like most, some are excellent and others are tofu.
-- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Steve Comstock > Sent: Thursday, September 20, 2012 12:10 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: OT - disappearing responses > <snip> > > John, > > you're missing his point: it's not that your home computer > can be broken into. It's that using his or her own computer > they can spoof your email address, as you suggest in the > next paragraph. Ah, I see. I read "it's not YOUR PC, it's the HACKER's PC" as meaning "the PC in your home does not belong to you, it belongs to the HACKER who is stealthily using it without your knowledge". I guess I should have read it as "your email account can be spoofed on the hacker's PC". My mistake. > > > > > I guess that somebody could "spoof" my email account. That is outside > my > control. I guess that could be used in some "social engineering" > context. I also > have identity theft "protection", for whatever that might actually be > worth. > > > > Spoofing your email account can be done outside some social > engineering contxt. At least that seems to be the concensus > in this conversation, although I lack the technical knowledge > of how to do it myself. > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN