Monday, November 5, 2012

Why Your Friends Are Calling You Fat, Among Other Things.

A came up to me and asked, “Are you saying I’m fat? I wanted to ask you about that e-mail you sent out about green tea.” I stared back at her with a dumbfounded look on my face. “I didn’t send you an e-mail like that.”

Though I hadn’t sent the e-mail, it is very likely that she received an e-mail with my name on it. Here’s why:

E-mail messages are simply a block of data with a header specifying who should receive the message, an optional subject line, and information about who sent the message. Unlike what most people seem to think, there is nothing that prevents someone from sending an e-mail with someone else’s e-mail address in the from field. A lot of people think they’ve been hacked when their friends tell them about e-mails from them that they didn’t send. This is typically not the case.

A much more likely scenario is that a spammer has received an e-mail that someone has forwarded to their whole e-mail list. You’ve seen e-mails like that. “Forward this if you love Jesus.” Or whatever. And out it goes with a big list of e-mail addresses attached to it. The spammer knows that people are more likely to trust am e-mail if they think it comes from a friend. First, he removes his own e-mail address. Then he selects one of the other e-mail addresses as the from address. He sends his own message to the other addresses on the list as if it came from that address. Over time, he may use everyone listed in the e-mail as the from address. That way, he is guaranteed to find people who recognize each other’s e-mail addresses.

Until a scheme is implemented that forces us to identify ourselves before we can send e-mail this sort of thing will continue to go on. So far, most people haven’t been too enthused about removing the anonymity of the Internet. But with it, you may think that lots of friends are calling you fat, when they know nothing about it.