Forged Email


There has been quite a bit of confusion lately regarding email. Many individuals at the University have been receiving messages stating that they sent an email containing a virus. To help alleviate some fears, here is a short explanation of how these viruses use email.

For a typical email today, the recipient sees something like this:

Date: Fri, 30 Jan 2004 07:28:45 +0000
From: Company X
Subject: You may have already won!!!

One important point to make is that "Company X" may or may not have sent the message. Anyone can put mail in a mailbox with a false return address on it. In the same way, anyone can claim to be someone else when sending an email.

Many recent viruses take advantage of this and pretend to be from someone else, mostly to help hide their tracks and to try to give legitimacy to the message. After infecting a system, they collect all the email addresses that they can find on that computer and pick two of them at random. The first one becomes the “From” address and the second one becomes the “To” address. In almost all cases, neither of these people nor their computers were involved. However, many anti-virus servers are configured to send a warning back to the sender – in this case, the forged “From” address. The only relation that the alleged sender may have to the recipient is that a third person, who has both the sender's and the recipient's email addresses, has been infected.
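
The reasoning in the last paragraph can be used by a help desk to narrow down which machine is actually infected. The following is an added example, not part of the original notice; the host names, the addresses and the per-machine address inventory are constructed assumptions.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: headers of infected messages as quoted in
# anti-virus warnings (all names and addresses are made up).
WARNINGS = [
    "From: alice@example.edu\nTo: bob@example.edu\nSubject: hi\n\n",
    "From: carol@example.edu\nTo: alice@example.edu\nSubject: document\n\n",
    "From: bob@example.edu\nTo: carol@example.edu\nSubject: hello\n\n",
]

# Constructed assumption: the addresses stored on each machine
# (address book, saved mail), as an inventory might record them.
KNOWN_ADDRESSES = {
    "pc-alice": {"bob@example.edu", "dave@example.edu"},
    "pc-bob": {"alice@example.edu"},
    "pc-dave": {"alice@example.edu", "bob@example.edu", "carol@example.edu"},
}


def header_pair(raw):
    """Return the (From, To) addresses of one message, lower-cased."""
    msg = message_from_string(raw)
    return tuple(parseaddr(msg.get(h, ""))[1].lower() for h in ("From", "To"))


def rank_candidates(warnings, known):
    """Count, per machine, how many of the warnings it could explain.

    A machine can be the source of a message only if it holds BOTH
    addresses, because the virus takes "From" and "To" from what it
    finds locally. The alleged sender needs no match at all.
    """
    score = Counter()
    for raw in warnings:
        sender, recipient = header_pair(raw)
        if not sender or not recipient:
            continue  # headers missing or unparsable: nothing to match on
        for host, addrs in known.items():
            if {sender, recipient} <= addrs:
                score[host] += 1
    return score.most_common()


if __name__ == "__main__":
    for host, hits in rank_candidates(WARNINGS, KNOWN_ADDRESSES):
        print(f"{host}: could explain {hits} of {len(WARNINGS)} warnings")
```

With this sample data the only candidate is pc-dave, a machine whose owner appears in none of the warnings, while the machines of the alleged senders explain none of them.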