Sunday, April 22, 2007

Email spoofing

I am a technologist - that's what I do. But not every problem has a "technical" solution. Sometimes, decisions made for reasons other than technical purposes foul things up. Take my recent problems with a well known online recruitment website.

As everyone in technology knows, spoofing is pretending to be something that you are not. In this case, email spoofing is pretending to send email from a person that isn't really sending it. A good example is regular snail mail - would you send a letter, addressed from yourself, to yourself? Probably not, yet this happens all the time in the email world. And any anti-spam solution worth its salt automatically "tags" spoofed emails to prevent them from getting through to your mail server.

The problem is when entities outside of your network start using your email addresses. So when the entity sends you an email, the "From" and "To" fields are the same - email spoofing. Organization do this for various reasons - I'm not sure of them but there must be a reason. Well, this practice gives headaches to email administrators like me because there is no good way around it. I don't want to manually start entering IP addresses of external mail servers - what happens when the addresses change and nobody tells me? I can tell things are going to get interesting.


No comments: