Got one for the TV licence fee today.
Usually the email address is some gibberish but this time it resolved correctly to a major UK utility company.
E.g. madeupdepartment@eonenergy.com
The @eonenergy.com bit is correct and gets to their site.
(But not eon energy)
The email address is the real address, not the one displayed, which was TVLicense (sp).
Can this bit be spoofed as well or have the company’s mail servers been compromised?
All the fields actually displayed by regular email clients can be spoofed. To work out where the email actually originated you need to backtrack through the headers which usually aren't shown. Each mail relay adds its own info to the top of the header trail as it passes through to the final destination and some (but not all) will check that the previous relay/server's IP or domain is resolvable. They don't (and can't) check the From: address for various reasons. It could originate from some department machine sat on a company's internal-only network with whatever name and address they've chosen for it. Or, it could be a task-id that has no real user behind it.
There should be an option on your client to see the whole message including headers for each email. For Thunderbird it's More-->View Source. On Gmail it's More-->Show Original.
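Added example, not part of the original posts: a Python sketch of the header backtracking described in the answer, run over a constructed message. All hostnames, IPs and addresses are made up, the `from NAME (RDNS [IP]) by HOST` layout is an assumed Postfix-style format (real relays vary), and `trace_hops`, `entry_hop` and `displayed_sender` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: newest Received line is on top, as relays prepend.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP id abc123;
\tMon, 01 Jan 2024 10:00:05 +0000
Received: from relay.bulkhost.example (unknown [203.0.113.77])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from localhost (localhost [127.0.0.1])
\tby relay.bulkhost.example with SMTP id ghi789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: "TVLicense" <madeupdepartment@utility.example>
To: someone@recipient.example
Subject: Your licence

body
"""

# Assumed layout: from <claimed name> (<rdns> [<ip>]) by <recording host>
HOP_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def trace_hops(raw):
    """Hops in travel order (oldest first): (claimed_name, seen_ip, recorded_by)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            hops.append(m.groups())
    return hops

def entry_hop(hops, trusted_suffix):
    """First hop written by our own server about an outside host.
    Lines older than this were supplied by the sender and may be forged."""
    for name, ip, by in hops:
        if by.endswith(trusted_suffix) and not name.endswith(trusted_suffix):
            return name, ip, by
    return None

def displayed_sender(raw):
    """(display name, address) from the From: header, which no relay verifies."""
    return parseaddr(message_from_string(raw).get("From", ""))

if __name__ == "__main__":
    print("From shown to user:", displayed_sender(RAW))
    print("Entry hop:", entry_hop(trace_hops(RAW), "recipient.example"))
```

A mismatch between the From: domain and the entry hop is only a hint, since legitimate senders also use third-party relays.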