top | item 45265454

(no title)

opesorry | 5 months ago

Assuming I follow what you want to know, the wikipedia page on email spoofing should provide the info you desire. https://en.m.wikipedia.org/wiki/Email_spoofing

I'm pretty surprised gmail didn't flag this at least. When I did it for a class in Uni, it always let me know that the FROM header didn't match the sender since that's a clear attack vector

discuss

like_any_other|5 months ago

His phrasing is very confusing - claiming the "from" field was spoofed, but that if he could see the "full header", he could have spotted the spoofing.

I would also assume something as prominent as the Gmail website/app for iOS, and the google.com domain, would have all possible email security features correctly configured.

So.. is this not the case? Or is it, but due to bad UI, despite all this security, any schmoe can send email appearing to come from google.com, and I have to pore over unspecified details in the "full header" to spot a fake?

Avamander|5 months ago

It could indeed be that some MUAs only display the comment section. In theory you can use a MIME from like '"Google <google@google.com>" foo@example.com'. Though most spam filters heavily frown upon garbage like that. Things like '"Foo (google@google.com)" <foo@example.com>' will likely pass though. (It's commonly done by shit forwarders.)

Apple Mail does allow you to see the actual sender if you tap on the name though. Outlook has been way worse in that aspect, by not letting you see the full sender. At some point it even saved these fake addresses automatically in your address book if it matched a contact's name or something. (I couldn't find the thread about it right now, but it has been discussed elsewhere.) It's a disservice to everyone except attackers to be honest.

vehementi|5 months ago

On obvious spoofs I see "legal@gmail.com <via scamdude@askjdfaskldfj.net>". I think he means that it didn't indicate the latter. And if gmail phone app didn't fail to display headers he could have looked