Email spoofing is when an email message appears to have originated from one source but it actually was sent from another source. The easiest and most common form of spoofing is when the sender's email address is spoofed. Email spoofing is often an attempt to trick the recipient into making a damaging statement, opening a virus, or releasing sensitive information (such as passwords or credit card information).

Examples of spoofed email include:

• Email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this.
• Email claiming to be from a person in authority requesting users to send them a copy of a file or other sensitive information.
• Email message with a link to a website which appears to be a legitimate website but is actually constructed for the purpose of illegally gathering private information such as passwords or bank account numbers. The link in the message may appear to be legitimate, but the actual URL is typically concealed using HTML code.
• Websites where you can "email yourself a link" or "send this to a friend" almost always spoof the sending address. For cases such as this, IT Help Central recommends using a non-TTU email address such as Hotmail, Yahoo, or Gmail.

NOTE: TechMail servers use Sender ID to verify that messages claiming to be from TechMail addresses were actually sent through TechMail servers. This means that you will not receive messages from spoofed TechMail addresses in your TechMail inbox (You may still receive spoofed TechMail messages in your other email accounts).

Emails where the recipient's address does not appear in the "To" or "Cc" lines are not necessarily spoofed emails. In these cases, the sender simply tries to trick the recipient by putting the recipient's address in the "Bcc" line where it cannot be seen.

Spoofing is possible because email protocols were not originally designed with the ability to verify the identity of the message sender.