A Technical Query regarding Genuine and Spoof Emails

  hqharry 13:27 21 Jan 2013

Dear Sir/Madams,

I've been sent what I believe is a genuine email from a company that is concerning to me (it lists my personal details). After making enquiries with them with little feedback and the passing of two months, the company have sent me a response claiming it is a 'spoof email' with a printout of Header information that they use to verify their conclusion. It has taken them two months to respond.
My technical question is regarding Header information. Is it possible this can be copied/pasted/modified, then printed out and sent to me with their response?

I have read a little about Email Spoofing. If it is possible to spoof Emails, then is it possible to make genuine emails look as if they were 'spoofs' if the recipient cannot see the sender's email header information to confirm what the sender says (but had to wait two months for them to give them feedback, and was then sent an extract of Header information to back their claim up)?

I received the email in my yahoomail account. Should I take what the company states as 100% fact, or have I got justifiable reasons to doubt their response as I cannot physically verify their response but have only their word. I feel I'm doubting them because it has taken them two months to reply; the email contains my personal details; the email contains the email signature from their staff member's address it was sent from; and the staff member whom I phoned the very next day said they 'had their back turned when it was sent'.

I can provide specific information if needed, and appreciate any feedback with this.

Kind Regards

H Qadir.

  johndrew 14:55 21 Jan 2013

You may find this article on Spoof e-mails of interest. It gives information as to how the details of a header may be impersonated.

Depending on the company concerned, it may take considerable time for a response to be received, but two months is considerable. Any company that "had their back turned when it was sent" may have either poor control or no oversight but only a full investigation may determine this.

There are contacts to whom spoof e-mails may be reported depending on the country of residence, the origin of the e-mail and its intention. To seek a contact local to you I suggest a search using the term 'spoof e-mail' as an initial input.

Read more: http://www.techadvisor.co.uk/forums/1/tech-helproom/4203322/a-technical-query-regarding-genuine-and-spoof-emails/#ixzz2Icbl1BQW

  lotvic 15:31 21 Jan 2013

How to read email headers emailaddressmanager.com/tips

see also: How to analyze and read a SPAM header... (further link is on above links web page)

  hqharry 16:13 21 Jan 2013

Thankyou johnandrew and lotvic.

In their response to me, the company sent me a copy (paper copy) of what they state is an extract from the Header information (which they use to conclude is an email sent from an External source and not from their internal company email server).
The email was sent in September 2012, with an official response finally from them at the start of December.

I will word my question differently.. I am concerned at their email, specifically its contents, and as I said earlier, I only have a paper copy of their extract they state has been picked up by their spam server. So do I take their word as 100% fact and leave it at that, or is it possible for this extract theyve sent me to have been 'copied/pasted' and 'edited' in anyway in notepad for example - to make their argument seem true. I only have this on paper so is it possible to highlight Header information and edit in notepad/word?

I'm wondering if companies/anyone blame Genuine emails on 'Spoofs' in order to avoid inconvenience/complaints for them.

Please comment openly because I have reasons to doubt their response as I said.

Kind Regards, H Qadir.

  lotvic 16:24 21 Jan 2013

After you have read the info on my link in previous post and done all it advises to get the full details of the suspect email - Have you compared the email header paper copy they sent you, to the actual email header from the email you received in Sept 2012?

Once you have done that you will know if they are different.

  Woolwell 16:33 21 Jan 2013

"I'm wondering if companies/anyone blame Genuine emails on 'Spoofs' in order to avoid inconvenience/complaints for them." Why should they do that? If found out it would only make matters worse.

  rdave13 16:36 21 Jan 2013

How to see headers in Yahoo mail, click here.

  Forum Editor 22:43 21 Jan 2013

Email headers don’t always tell you the truth about where the message came from.

Spammers and email spoofers often use what are called open relays to send their bogus or malicious messages. An open relay is an SMTP server that is not correctly configured and so allows third-parties to send e-mail through it that is not sent from nor to a local user. In that case, the “Received from” field in the header only points you to the SMTP server that was victimised.

You say that the company apparently sent you an email that contained your personal details, but I'm not quite sure why that should be of such concern to you - what's the specific issue here?

  dangerus1 14:25 22 Jan 2013

I got the same sort of thing the other week purporting to come from HMRC saying I was due to a tax rebate of £410, I was quite pleased as I had done my tax returns online some weeks previous, as I read further along I realised it was a scam as it asked for details of my bank to pay the money in. HMRC already have these details and would never ask on line. The point is the email looked just like HMRC as I've been in quite frequent touch these last few months. Could someone have come across mine and HMRC traffic?

  lotvic 16:33 22 Jan 2013

dangerus1, You could compare yours to the examples on http://www.hmrc.gov.uk/security/examples.htm

  hqharry 13:47 23 Jan 2013

Thankyou all for your posts.

The specifics of the email are as follows.

I was thinking of teaching in Scotland and also got offered a job after a successful interview at a school in Perthshire. The teaching body in SCotland dont recognise my training qualifications because they only have two routes to QTS there. (The Bachelor of Education route, and PGCE route). In England we have 10-20 routes. So I made enquiries with the University that collaborated on my Teacher Training route back in 2004. I also made enquiries with other organisations such as the GTCE (which then disbanded), the TDA, the TIL, and other organisations that worked on my Training route back then. I've been teaching (with progression) for ten years now and got my QTS in '04. Some training providers also provide PGCEs when completing my training route because of the level of work involved, PGCEs also lead to the same Qualified Teacher Status (this I found from enquiries). I was then sent a PGCE certificate and supporting letter by the University. I sent these off to Scotland. They then said the University did not produce the PGCE and its fake. Then its a more serious matter because we are talking about working with kids and vulnerable young people. So I've tried to speak to University staff to figure out why this has happened after I'm awarded them. From this, I've researched some past errors they've made, things that have made the regional press. I've found another letter scanned and posted by another teacher from her solicitor which gives the same name as the staff member who signed the document that I got which the PGCE (relating to incorrect citations in a reference). I've got logs of the many calls I made when I was making enquiries.

Then this email, it contains an admission from a member of staff to have produced and sent out the document and certificate to me in error, but it says it it is sent from another member of staff's email address. The email contains the staff email signature. It was sent to my email; the staff whose name is signed in the supporting document; and my union rep. My email address and my union reps address were given to staff by me when I was makiing enquiries, including my I.D. number, details etc (to help them with enquiries and to get in touch with any support they could give).

I've tried to enquire about this, the staff member whose address it was sent from says it was 'sent without his knowledge, behind his back'. The response from the University has been poor, taking more than two months.

In their response they've included what they state is an extract from the Header of the Internal staff member who also received the email. This Header, they use to claim the email is infact a 'spoof email' because it was picked up by their external spam server and not the internal server. I only have this extract on paper. I have read the Header in my yahoomail. It is different to the extract but does contain secureserver.net once or twice in the text, and they claim secureserver.net is used for email spoofing and is hosting somehwere in the USA. I doubt I'll ever see the Header information of their Internal staff mamber because its been more than two months for their reply already, and the original email was sent 24/09/12, that long ago. This is why I've asked these questions regarding Header information. Very concerning as you can see, and its difficult to take their word for it and just leave it at that. I was not suspicious before this whole saga. Is what they've sent to me on paper, the extract of Header information they use to argue is not from their internal server and 'spoof' 100% fact? Or am I justifiably reasoning that it cant be 100%fact because its on paper and could be edited, and for many other reasons. Its been difficult for one 'joebloggs' like myself to get a reply from them as it is, so I'm understandably suspicious of their internal goings-on.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iMac Pro review

The City of Los Angeles graphic designer job ad amuses internet

iMac Pro review

Les meilleurs smartphones Android (2018)