The Tale of A Spoofed EMAIL In A Poem
And along the same spirit, I found this poem below on stackexchange. This explains the deepest feelings of a lonely mail server.
The question is why is it so easy to SPAM emails. Me sending you one which looks like it’s from email@example.com or from your bank or mom, or whoever.
I have a copy here below, but even I’d prefer you go read it where I found it.
Context: an e-mail server, alone in a bay, somewhere in Moscow. The server just sits there idly, with an expression of expectancy.
Ah, long are the days of my servitude,
That shall be spent in ever solitude,
‘Ere comes hailing from the outer rings
The swift bearer of external tidings.
A connection is opened.
An incoming client ! Perchance a mail
To my guardianship shall be entrusted
That I may convey as the fairest steed
And to the recipient bring the full tale.
220 mailserver.kremlin.ru ESMTP Postfix (Ubuntu)
Welcome to my realm, net wanderer,
Learn that I am a mighty mail server.
How will you in this day be addressed
Shall the need rise, for your name to be guessed ?
Hail to thee, keeper of the networking,
Know that I am spawned from the pale building.
The incoming IP address resolves through the DNS to “nastyhackerz.cn”.
Noble envoy, I am yours to command,
Even though your voice comes from the hot plains
Of the land beyond the Asian mountains,
I will comply to your flimsiest demand.
MAIL FROM: firstname.lastname@example.org
RCPT TO: email@example.com
Subject: biggest bomb
I challenge you to a contest of the biggest nuclear missile,
you pathetic dummy ! First Oussama, then the Commies !
Here is my message, for you to send,
And faithfully transmit on the ether;
Mind the addresses, and name of sender
That shall be displayed at the other end.
So it was written, so it shall be done.
The message is sent, and to Russia gone.
The server sends the email as is, adding only a “Received:” header to mark the name which the client gave in its first command. Then Third World War begins. The End.
Commentary: there’s no security whatsoever in email. All the sender and receiver names are indicative and there is no reliable way to detect spoofing (otherwise there would me much fewer spams).