Why do phishing e-mails use faked e-mail addresses instead of the real one?Reading encrypted data before sent...

Does Garmin Oregon 700 have Strava integration?

Do Hexblade warlocks choose their spells from the Hexblade spell list or the warlock spell list?

How do you say "powers of ten"?

What is this waxed root vegetable?

Test pad's ESD protection

Manipulate scientific format without the "e"

Are small insurances worth it

Is it possible to convert a suspension fork to rigid by drilling it?

What am I? I am in theaters and computer programs

Giving a talk in my old university, how prominently should I tell students my salary?

A bug in Excel? Conditional formatting for marking duplicates also highlights unique value

Plagiarism of code by other PhD student

Get length of the longest sequence of numbers with the same sign

Why is s'abonner reflexive?

When should a commit not be version tagged?

What are all the squawk codes?

Is there a math equivalent to the conditional ternary operator?

Did Amazon pay $0 in taxes last year?

How can I handle a player who pre-plans arguments about my rulings on RAW?

What is knowledge and vision?

VAT refund for a conference ticket in Sweden

What happened to QGIS 2.x

Why can't we make a perpetual motion machine by using a magnet to pull up a piece of metal, then letting it fall back down?

I encountered my boss during an on-site interview at another company. Should I bring it up when seeing him next time?



Why do phishing e-mails use faked e-mail addresses instead of the real one?


Reading encrypted data before sent to remote serverMail server security: Mails to internal receivers with faked sender addressAttackers on sc.imp.live.comIs it enough to look at the sender's email address?Is this “security update” from security-update@amazon.com an advanced phishing scam or a real security measure from Amazon?How can an email header be used to verify the real sender?Can I trick a mail server into sending me an email?Phishing e-mail replied to internal email. What is compromised?Whitelisted, encrypted, signed e-mails: how could they be tricked?What is the point of spam mails containing nothing but random letters?













2















I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?










share|improve this question

























  • You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.

    – schroeder
    39 mins ago
















2















I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?










share|improve this question

























  • You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.

    – schroeder
    39 mins ago














2












2








2








I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?










share|improve this question
















I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?







email phishing






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 44 mins ago









schroeder

77.1k30171206




77.1k30171206










asked 1 hour ago









JFBJFB

380136




380136













  • You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.

    – schroeder
    39 mins ago



















  • You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.

    – schroeder
    39 mins ago

















You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.

– schroeder
39 mins ago





You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.

– schroeder
39 mins ago










2 Answers
2






active

oldest

votes


















4














While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.






share|improve this answer

































    0















    • The phisher may be hoping to get any replies to send to that address.

    • They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.


    Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.






    share|improve this answer
























    • SPF doesn't protect the From: header, but the envelope sender.

      – Esa Jokinen
      8 mins ago











    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "162"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204770%2fwhy-do-phishing-e-mails-use-faked-e-mail-addresses-instead-of-the-real-one%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    4














    While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.






    share|improve this answer






























      4














      While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.






      share|improve this answer




























        4












        4








        4







        While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.






        share|improve this answer















        While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 42 mins ago









        schroeder

        77.1k30171206




        77.1k30171206










        answered 56 mins ago









        Steffen UllrichSteffen Ullrich

        118k13204272




        118k13204272

























            0















            • The phisher may be hoping to get any replies to send to that address.

            • They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.


            Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.






            share|improve this answer
























            • SPF doesn't protect the From: header, but the envelope sender.

              – Esa Jokinen
              8 mins ago
















            0















            • The phisher may be hoping to get any replies to send to that address.

            • They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.


            Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.






            share|improve this answer
























            • SPF doesn't protect the From: header, but the envelope sender.

              – Esa Jokinen
              8 mins ago














            0












            0








            0








            • The phisher may be hoping to get any replies to send to that address.

            • They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.


            Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.






            share|improve this answer














            • The phisher may be hoping to get any replies to send to that address.

            • They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.


            Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered 55 mins ago









            ShapeOfMatterShapeOfMatter

            2115




            2115













            • SPF doesn't protect the From: header, but the envelope sender.

              – Esa Jokinen
              8 mins ago



















            • SPF doesn't protect the From: header, but the envelope sender.

              – Esa Jokinen
              8 mins ago

















            SPF doesn't protect the From: header, but the envelope sender.

            – Esa Jokinen
            8 mins ago





            SPF doesn't protect the From: header, but the envelope sender.

            – Esa Jokinen
            8 mins ago


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204770%2fwhy-do-phishing-e-mails-use-faked-e-mail-addresses-instead-of-the-real-one%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Фонтен-ла-Гаярд Зміст Демографія | Економіка | Посилання |...

            Список ссавців Італії Природоохоронні статуси | Список |...

            Маріан Котлеба Зміст Життєпис | Політичні погляди |...