What is address spoofing?
What is address spoofing and what does it have to do with email spam? Address spoofing is a technique used by cybercriminals as well as mass-mailing worms to make the recipient think the mail came from a different address. It is typically done by changing some certain properties of the email, such as the "Reply-to", "Reply-path" and "From" fields. The point is to make the recipient believe that the address in the "From" field is the sender’s address, but usually the real sender can be found in the "reply-to" field.
Spammers tend to use special software, which creates random addresses, making it highly improbable that the supposed address of the sender even exists. Mass-mailing worms use a different tactic: they search for addresses in the infected user’s address book and send spam under one of them to a third one, and so on. For example, the worm searches A’s Outlook address book and finds B and C’s addresses, it then sends an email from A’s computer to B using C’s address in the "From" field.
This method allows spammers to make you believe that, say, "admin@gmail.com" is offering you to buy cheap aphrodisiacs and since the sender is definitely a legitimate source, those who are more gullible than most of us may actually trust it. Spoofing an email address is not a difficult task, especially given the amount of malicious software tools one can download via internet. So next time when you check your email, do not pay as much attention to the "from" field as to actual content of the message.
Recently commented malware