IP Spoofing and Other Header Fraud Resources Unsolicited Commercial Electronic Mail

Some spammers -- and others -- use various types of technological fraud to deceive email recipients. The intention is to play with the information contained in the headers to make the email look like it comes from someone else. Changing header information like this is generally called spoofing.

The following links point to resources requiring various amounts of technical know-how. Some are written for the novice, and some require a fair amount of knowledge of the way email works.

IP-Spoofing Demystified. A description from Phrack Magazine of how IP spoofing works and how it can be prevented.

Internet Holes-Eliminating IP Address Forgery. Another description of how to prevent IP spoofing.

Spoofing, Spamming, and Mail Forwarding. A brief discussion of how spamming and spoofing are related.

Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Chapter 28: Spoofing Attacks. An easier-to-follow discussion otherwise similar to the Phrack Magazine article.

Anti-Spam Provisions in Sendmail 8.8. How sysadmins can prevent their systems from being spoofed.

Spoofed/Forged Email. A description from CERT of how to prepare for and recover from a spoofing attack.