
Comment by shif

8 years ago

I wonder how the domain displays on email clients like Gmail and Outlook. This is the scariest part: most people will just look at the domain, think it's a valid mail and follow the instructions of that mail. It could be catastrophic for companies; the Ubiquiti $40 million fiasco comes to mind.
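A check a mail gateway or analyst could run on the sender domain of an inbound message, as an added example that is not from this thread: it converts the displayed (Unicode) domain to the xn-- form that SMTP and DNS actually carry, flags labels that mix scripts, and folds known confusable letters into a skeleton that is compared against a list of protected domains. The confusables table, the protected list and the sample lookalike of ycombinator.com are constructed assumptions, not data from the page.

```python
import unicodedata

# Constructed confusables map: Cyrillic letters that render like Latin ones.
# Assumption: a small hand-picked table, not the full Unicode confusables.txt.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04cf": "l", "\u0501": "d", "\u04bb": "h", "\u051b": "q", "\u051d": "w",
}


def script_of(ch):
    """Rough script label from the Unicode name: 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def to_ascii(domain):
    """The A-label (xn--...) form that the SMTP server and DNS actually see."""
    return domain.lower().encode("idna").decode("ascii")


def skeleton(domain):
    """Replace each known confusable with the Latin letter it looks like."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())


def analyze_domain(domain, protected=()):
    """Report IDN use, mixed-script labels and lookalikes of protected domains."""
    scripts = {script_of(ch) for ch in domain if ch.isalpha()}
    ascii_form = to_ascii(domain)
    skel = skeleton(domain)
    # A lookalike is a protected domain whose skeleton matches but whose
    # actual spelling differs (the protected domain itself is not flagged).
    lookalike = next(
        (p for p in protected if p.lower() == skel and p.lower() != domain.lower()),
        None,
    )
    return {
        "display": domain,
        "ascii": ascii_form,
        "is_idn": ascii_form != domain.lower(),
        "scripts": sorted(scripts),
        "mixed_script": len(scripts) > 1,
        "lookalike_of": lookalike,
    }


if __name__ == "__main__":
    # Constructed sample: ycombinator.com with y, c and o swapped for Cyrillic.
    for d in ("ycombinator.com", "\u0443\u0441\u043embinator.com"):
        print(analyze_domain(d, protected=["ycombinator.com"]))
```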

Considering how easy email is to spoof, why bother using a unicode domain which is only similar to the target domain? Why not just use the real domain instead?

  • Spoofing isn't so easy for Gmail and Yahoo inboxes. Some web clients warn of a return path too. For sophisticated spoofing and phishing, unicode domains are helpful. Plus, spoofing emails is just a small attack vector.

    • Spoofing is trivially easy for gmail and yahoo. Here's me spoofing an email from fakeaddress@ycombinator.com to my gmail address:

        mike@blob:~$ telnet gmail-smtp-in.l.google.com 25
        Trying 66.102.1.26...
        Connected to gmail-smtp-in.l.google.com.
        Escape character is '^]'.
        220 mx.google.com ESMTP 19si14686133wmr.1 - gsmtp
        EHLO whatever
        250-mx.google.com at your service, [164.132.228.175]
        250-SIZE 157286400
        250-8BITMIME
        250-STARTTLS
        250-ENHANCEDSTATUSCODES
        250-PIPELINING
        250-CHUNKING
        250 SMTPUTF8
        MAIL FROM:<fakeaddress@ycombinator.com>
        250 2.1.0 OK 19si14686133wmr.1 - gsmtp
        RCPT TO:<*****@gmail.com>
        250 2.1.5 OK 19si14686133wmr.1 - gsmtp
        DATA
        354  Go ahead 19si14686133wmr.1 - gsmtp
        From: "Fake Address" <fakeaddress@ycombinator.com>
        To: *****@gmail.com
        Subject: This is a spoofed email
      
        Spoof spoof spoof
      
        --
        Spoofy McSpoof
        .
        250 2.0.0 OK 1492497764 19si14686133wmr.1 - gsmtp
      

      Email was delivered fine. Straight into the Inbox (not the spam folder). Even though ycombinator.com has strict SPF records which don't include my IP.

      The only clue is, in the web interface Google displays a grey octagon with a red question mark inside it next to the sender address. And when you hover over that a tooltip says:

      "Gmail couldn't verify that ycombinator.com actually sent this message (and not a spammer)"

      So yeah. I would dispute "Spoofing isn't so easy for Gmail and Yahoo inboxes". They're as shit as everyone else.

    • A lot of email clients give a warning "this email might be spoofed". The good ones are more likely to send you straight to spam.

      Still, most people are unable to confirm the origin of an email. The warning, if any, is likely to be ignored.