Some mail servers do a check with forward and reverse DNS lookups, verifying that the source email address appears...
to be coming from a mail server in that environment. If a message from email@example.com doesn't have a DNS record, and forward and reverse lookups can't match bogussourcename.com with a proper IP address, then the message might be spoofed. Unfortunately, such checks are often inaccurate, and that's why a lot of servers don't perform them.
Short Message Service (SMS) spoofing is more complex, but far from impossible. The various SMS message providers -- typically cell phone service providers -- have integrated their SMS messaging with the Internet, allowing users to send messages by surfing to a Web site and simply typing one in (the user is also allowed to enter a source email address and phone number). Some SMS providers check these numbers to make sure they are accurate, but others do not.
Also, there are flaws in these SMS message-sending Web applications that can easily be exploited to bypass any attempt at verification. In fact, there are both free and commercial software applications available that will generate enormous numbers of spoofed SMS messages. So, SMS spoofing requires a little more technical savvy, but even that technical know-how has been embedded in easy-to-use, Web-based software.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Ed Skoudis
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ... Continue Reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ... Continue Reading