Ryfujk

Does Garmin Oregon 700 have Strava integration?

Do Hexblade warlocks choose their spells from the Hexblade spell list or the warlock spell list?

How do you say "powers of ten"?

What is this waxed root vegetable?

Test pad's ESD protection

Manipulate scientific format without the "e"

Are small insurances worth it

Is it possible to convert a suspension fork to rigid by drilling it?

What am I? I am in theaters and computer programs

Giving a talk in my old university, how prominently should I tell students my salary?

A bug in Excel? Conditional formatting for marking duplicates also highlights unique value

Plagiarism of code by other PhD student

Get length of the longest sequence of numbers with the same sign

Why is s'abonner reflexive?

When should a commit not be version tagged?

What are all the squawk codes?

Is there a math equivalent to the conditional ternary operator?

Did Amazon pay $0 in taxes last year?

How can I handle a player who pre-plans arguments about my rulings on RAW?

What is knowledge and vision?

VAT refund for a conference ticket in Sweden

What happened to QGIS 2.x

Why can't we make a perpetual motion machine by using a magnet to pull up a piece of metal, then letting it fall back down?

I encountered my boss during an on-site interview at another company. Should I bring it up when seeing him next time?

Why do phishing e-mails use faked e-mail addresses instead of the real one?

Reading encrypted data before sent to remote serverMail server security: Mails to internal receivers with faked sender addressAttackers on sc.imp.live.comIs it enough to look at the sender's email address?Is this “security update” from security-update@amazon.com an advanced phishing scam or a real security measure from Amazon?How can an email header be used to verify the real sender?Can I trick a mail server into sending me an email?Phishing e-mail replied to internal email. What is compromised?Whitelisted, encrypted, signed e-mails: how could they be tricked?What is the point of spam mails containing nothing but random letters?

2

I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?

email phishing

share|improve this question

edited 44 mins ago

schroeder♦

77.1k30171206

asked 1 hour ago

JFBJFB

380136

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.
  
  – schroeder♦
  39 mins ago
  

  
  
  
  

add a comment | 

2

I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?

email phishing

share|improve this question

edited 44 mins ago

schroeder♦

77.1k30171206

asked 1 hour ago

JFBJFB

380136

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.
  
  – schroeder♦
  39 mins ago
  

  
  
  
  

add a comment | 

I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?

email phishing

share|improve this question

edited 44 mins ago

schroeder♦

77.1k30171206

asked 1 hour ago

JFBJFB

380136

share|improve this question

edited 44 mins ago

schroeder♦

77.1k30171206

asked 1 hour ago

JFBJFB

380136

share|improve this question

edited 44 mins ago

schroeder♦

77.1k30171206

asked 1 hour ago

JFBJFB

380136

edited 44 mins ago

schroeder♦

77.1k30171206

edited 44 mins ago

schroeder♦

77.1k30171206

asked 1 hour ago

JFBJFB

380136

asked 1 hour ago

JFBJFB

380136

2 Answers
2

active

oldest

votes

4

While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.

share|improve this answer

edited 42 mins ago

schroeder♦

77.1k30171206

answered 56 mins ago

Steffen UllrichSteffen Ullrich

118k13204272

add a comment | 

0

• The phisher may be hoping to get any replies to send to that address.


• They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.

Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.

share|improve this answer

answered 55 mins ago

ShapeOfMatterShapeOfMatter

2115

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  SPF doesn't protect the From: header, but the envelope sender.
  
  – Esa Jokinen
  8 mins ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204770%2fwhy-do-phishing-e-mails-use-faked-e-mail-addresses-instead-of-the-real-one%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

4

While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.

share|improve this answer

edited 42 mins ago

schroeder♦

77.1k30171206

answered 56 mins ago

Steffen UllrichSteffen Ullrich

118k13204272

add a comment | 

4

While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.

share|improve this answer

edited 42 mins ago

schroeder♦

77.1k30171206

answered 56 mins ago

Steffen UllrichSteffen Ullrich

118k13204272

add a comment | 

While one could create a mail with @amazon.com as SMTP envelope and/or From field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.

share|improve this answer

edited 42 mins ago

schroeder♦

77.1k30171206

answered 56 mins ago

Steffen UllrichSteffen Ullrich

118k13204272

share|improve this answer

edited 42 mins ago

schroeder♦

77.1k30171206

answered 56 mins ago

Steffen UllrichSteffen Ullrich

118k13204272

edited 42 mins ago

schroeder♦

77.1k30171206

edited 42 mins ago

schroeder♦

77.1k30171206

answered 56 mins ago

Steffen UllrichSteffen Ullrich

118k13204272

answered 56 mins ago

Steffen UllrichSteffen Ullrich

118k13204272

0

• The phisher may be hoping to get any replies to send to that address.


• They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.

Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.

share|improve this answer

answered 55 mins ago

ShapeOfMatterShapeOfMatter

2115

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  SPF doesn't protect the From: header, but the envelope sender.
  
  – Esa Jokinen
  8 mins ago
  

  
  
  
  

add a comment | 

0

• The phisher may be hoping to get any replies to send to that address.


• They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.

Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.

share|improve this answer

answered 55 mins ago

ShapeOfMatterShapeOfMatter

2115

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  SPF doesn't protect the From: header, but the envelope sender.
  
  – Esa Jokinen
  8 mins ago
  

  
  
  
  

add a comment | 

• The phisher may be hoping to get any replies to send to that address.


• They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.

Using this tool I was able to check that amazon.com does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.

share|improve this answer

answered 55 mins ago

ShapeOfMatterShapeOfMatter

2115

share|improve this answer

answered 55 mins ago

ShapeOfMatterShapeOfMatter

2115

answered 55 mins ago

ShapeOfMatterShapeOfMatter

2115

answered 55 mins ago

ShapeOfMatterShapeOfMatter

2115