Taken from a "spoof," or comical imitation of a drama (parody), a term in computers used to describe tricking a recipient into thinking you are someone else and therefore leaving your real identity unknown. Spoofing is only really useful if you don't need two way communication so it is useful for internet fraud, spam or other kinds of prankstering.
E-mail Spoofing is when an email message appears to have originated from one source when it actually was sent from another. Email spoofing is suprisingly easy, with sending mails that appear to come from firstname.lastname@example.org or email@example.com very easy to make.
Spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords). Spoofed email can range from harmless pranks to social engineering ploys. Examples of the latter include email claiming to be from:
- A system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply
- From a person in authority requesting users to send them a copy of a password file or other sensitive information
Essential for network hacking which resists tracing a hacker's source, spoofing involves making an attack or interface seem as if it is coming from another source. IPv6 and other technologies seek to prevent this kind of attack through authentication.
- Ciphersecurity's FAQ
- CERT/CC - CERT Coordination Centre email spoofing tips - A general overview of email spoofing and the problems that can result from it, including information that will help you respond to such activity.
- Whatis.com "Spoof"
- Refspoof - a plugin for Mozilla