Cyber Harassment
Q: A friend, respectable chairman of a company, has become victim to an
email prank. Someone sent out a "rude" attachment under his address and
people started to complain. I don't know details of the
email header (might be able to check it myself later, though). So...
1. How could this have been done?
2. Any way to trace it back to who did it?
3. Any way to prevent it from happening in the future?
For 2 and 3, I accept a "no" answer if it's explained. As for 1, I
imagine possibilities are hacking the server, or infecting the email
client. Also see question ID 97210. If you want to add some
information on how common this phenomenon is (not for spam, but for
pranks) and what the law (like US law) says about it, that would be a
bonus.
A: This looks urgent, so I'll comment straight away. I don't want to
steal the question away from a researcher, so I'm providing this on
the understanding that you pay any credit from this answer to the
researcher.
Yes, it's easy. It's called spoofing. Dedicated spoof websites are
listed in question id=127220. Some free email services, like
www.fastmail.com and software like Outlook Express allow you to
specify the sender's address. It's as simple as typing the to:
address.
Yes it's usually traceable to some extent. Get the full email header
direct from a recipient and check the path and IP addresses.
Sophisticated spoofing sometimes fakes a couple of jumps, so it's not
too easy if the culprit's been careful. Another approach is to detect
a pattern in