
Problems with Spoofing Email

E-mail address spoofing

E-mail address spoofing involves using an e-mail address that is not your own.  When your e-mail address is spoofed, e-mails are sent that appear to be from you — but you did not send them.  Aggressive “spoofers” like to spoof BCIT addresses.

E-mail spoofing is the forgery of an e-mail header or the “From” section of an e-mail so that the message appears to have come from someone or somewhere other than the actual source.  To send spoofed e-mail, senders insert commands in headers.  These alter the message information so that, for example, “junk” or virus-bearing contents, which you didn’t write, nonetheless appear to be from you.  Usually such commands are inserted as a result of a virus on someone else’s PC.

Client Services periodically receives reports of e-mail coming onto our campus with viruses.  Some appear to be sent from valid BCIT e-mail addresses (e.g., john_smith@BCIT.CA).  In fact, these items are sent from other e-mail services and are spoofing the BCIT domain (BCIT.CA).

Resolution

Unfortunately, there is no direct remedy if you are receiving e-mail with spoofed addresses, or if a colleague reports receiving junk e-mail seemingly from you because your e-mail address was spoofed in the From field.  One option for the recipient of spoofed e-mail is to create an incoming mail filter that removes e-mail from the spoofed source.  If you normally receive legitimate mail from the suspect address, you must ask its owner to mark any real messages in an agreed way.  For example, the writer might put a particular word into the subject line.  Then you can use a rule to have the rest automatically deleted.
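The rule described above, sketched in Python as an added example (it is not part of the original BCIT page or any BCIT tool). The address is the page's own example; the subject word "bluebird", the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

SUSPECT = "john_smith@bcit.ca"  # the page's example address
CODE_WORD = "bluebird"          # constructed: word agreed with the real owner


def classify(raw, suspect=SUSPECT, code_word=CODE_WORD):
    """Return 'keep' or 'delete' for one raw message (hypothetical helper)."""
    # policy.default decodes RFC 2047 encoded-words, so an encoded Subject
    # or display name is compared in its readable form.
    msg = message_from_string(raw, policy=policy.default)

    # Compare the address itself, not the display name, and ignore case.
    headers = [str(h) for h in msg.get_all("From", [])]
    senders = {addr.lower() for _name, addr in getaddresses(headers)}
    if suspect.lower() not in senders:
        return "keep"  # the rule only covers mail claiming the suspect address

    # Whole-word match, so "bluebirds" does not pass for "bluebird".
    words = re.findall(r"\w+", str(msg.get("Subject", "")).lower())
    return "keep" if code_word.lower() in words else "delete"


# Constructed sample messages, not real mail.
SAMPLES = {
    "spoofed": "From: John Smith <john_smith@BCIT.CA>\n"
               "Subject: Invoice attached\n\nopen the file\n",
    "genuine": "From: john_smith@bcit.ca\n"
               "Subject: =?utf-8?q?Bluebird_-_lunch_Friday?=\n\nsee you then\n",
    "near_miss": "From: john_smith@bcit.ca\n"
                 "Subject: bluebirds for sale\n\nclick here\n",
    "other": "From: registrar@example.org\n"
             "Subject: Invoice attached\n\nhello\n",
}


def run_samples():
    """Classify every constructed sample and return name -> verdict."""
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:10} -> {verdict}")
```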

Indirectly, you certainly can stem the flow of spoofed e-mail by keeping both your office and home PCs virus-free.