An Email Application with Active Spoof Monitoring and Control Author: T.P. Fowdur, L.Veerasoo Presenter: Haozhou Yu
The E-mail Mail User Agent (MUA), Mail Transfer Agent (MTA) Simple Mail Transfer Protocol (SMTP) The email send and receive procedure, the weekpoint
Spoof imitate (something) while exaggerating its characteristic features for comic effect. hoax or trick (someone). interfere with (radio or radar signals) so as to make them useless. Dictionary explaination
E-mail spoofing Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.
SMTP MAIL FROM: - generally presented to the recipient as the Return-path: header but not normally visible to the end user, and by default no checks are done that the sending system is authorized to send on behalf of that address. RCPT TO: - specifies which email address the email is delivered to, is not normally visible to the end user but may be present in the headers as part of the "Received:" header. Together these are sometimes referred to as the "envelope" addressing, by analogy with a traditional paper envelope,[1] and unless the receiving mail server signals that it has problems with either of these items, the sending system sends the "DATA" command, and typically sends several header items, including: From: Joe Q Doe <joeqdoe@example.com> - the address visible to the recipient; but again, by default no checks are done that the sending system is authorized to send on behalf of that address. Reply-to: Jane Roe <Jane.Roe@example.mil> - similarly not checked and sometimes: Sender: Jin Jo <jin.jo@example.jp> - also not checked
SMTP itself lacks authentication so servers that are poorly configured in this way are prey to abusers. And there is nothing that can stop a determined attacker from setting up his own email server.
E-mail spoofing https://en.wikipedia.org/wiki/Email_spoofing Sender and receiver, examples and data Date and time spoofing Anti-spoofing
E-mail spam E-mail spoofing is not spam It is more dangerous than spam
Anti-spoofing The idea of anti-spoofing The tools, ways SSL HTTPS Authentication message
Proposed application How it works
Artecture
Test
Conclusion and analysis Web based client-oriented Advantages and limitations Last part of the paper Have a discuess