I recently switched my mail/domain from Google to Namecheap. I’ve been keeping a critical eye on my junk mail as the spam filtering doesn’t seem as good.
I saw a neat scam email from my own email address. It was the usual “I am a hacker give me money” nonsense but the trick with them using my own email address is pretty neat. I assume they’ve injected some sort of common replace string?
Just curious if anyone knows the trick here.
dual_sport_dork@lemmy.world 1 year ago
It is trivial to write a piece of software, or use existing email software, to forge the contents of the from: field in an email header. In fact, you can forge the entire email header if you feel like it, and there’s really nothing stopping anyone from doing it. You can fire off any email containing any header – forged or not – at any mail server and the data will at least get there. What the mail server does with it afterwards is up to however it’s configured.
There are various techniques that email providers and mail relays use to attempt to verify the integrity of email messages, including DKIM, reverse DNS or PTR record, and the Sender Policy Framework, and if any of these don’t check out the mail server may reject incoming messages or automatically divert them to spam folders. This isn’t foolproof, though, and some mail servers are more lenient than others. Many private mail servers are also misconfigured, or minimally configured, and allow pretty much any damn fool thing to get through.
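A receiving-side check for the situation in this thread, as an added example that is not part of the comment above: it reads the SPF, DKIM and DMARC verdicts your own mail server recorded in `Authentication-Results` and flags a message whose From: claims your domain without passing them. The sample message, `example.com`, `mx.example.net` and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message that claims to come from the recipient's own address.
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none;
 dmarc=fail header.from=example.com
From: me@example.com
To: me@example.com
Subject: I am a hacker

pay up
"""

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_authserv):
    """Verdicts from Authentication-Results headers added by OUR server only.
    The sender can forge this header too, so any other authserv-id is ignored."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        if header.split(";", 1)[0].strip().lower() != trusted_authserv.lower():
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results

def assess(raw, my_domain, trusted_authserv):
    """Return a list of reasons to distrust the From: header of a raw message."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    res = auth_results(msg, trusted_authserv)
    findings = []
    if from_domain == my_domain.lower() and res.get("dmarc") != "pass":
        findings.append("own-domain From without DMARC pass")
    if envelope_domain and envelope_domain != from_domain:
        findings.append("envelope sender differs from From domain")
    for method in ("spf", "dkim"):
        if res.get(method) != "pass":
            findings.append(f"{method}={res.get(method, 'missing')}")
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE, "example.com", "mx.example.net"))
```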