This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

Scam emails allowed from edited sender addresses. No security?

  • 2 antwoorde
  • 2 hierdie probleem
  • 40 views
  • Laaste antwoord deur Zenos

more options

Can I receive emails with a false sender name? Could a legitimate sender name be used to fool me into opening email/attachment? I received 2 emails with attachments from myself which I didn't send!

Can I receive emails with a false sender name? Could a legitimate sender name be used to fool me into opening email/attachment? I received 2 emails with attachments from myself which I didn't send!

All Replies (2)

more options

This is a common practice of spam mailers.

more options

If you can think of a way to prevent this, then I think you could become very rich quite quickly. Email was designed in a gentler age where it was initially something of a plaything used between academics on university networks. They didn't foresee any need to be able to validate the sender.

You could in theory travel around the world with your own computer, or you might use other people's computers, and you would be able to send email messages as yourself from multiple locations. How could any email client know how to judge if any of these were either valid or invalid?

The best answer I can come up with is to use encryption and signing e.g. gpg or S/MIME (and even this isn't absolutely bombproof). But few people seem willing to embrace the idea of digital signatures, key pairs and to use the tools necessary to encrypt and decrypt messages and validate signatures.

In Thunderbird, a useful addon is one that shows the "hops" taken by an email message, usually with a flag to indicate the country of origin. Whilst these details can also be spoofed to some extent, it's rare for the actual country of origin to be totally obfuscated. When I see a message purporting to be from my British bank that has, say, a Brazilian flag against it, then it's highly unlikely to be genuine.

https://addons.mozilla.org/en-US/thunderbird/addon/mailhops/