Forging an e-mail header
to make it appear as if it came from somewhere or someone other than the actual source. The main protocol
that is used when sending e-mail — SMTP
— does not include a way to authenticate
. There is an SMTP service extension (RFC
2554) that allows an SMTP client to negotiate a security level with a mail server
. But if this precaution is not taken anyone with the know-how can connect to the server and use it to send spoofed messages by altering the header information.
In some jurisdictions, e-mail spoofing anyone other than yourself is illegal.