4

Anyone who's used a bit of PHP to send an email knows that we can use whatever name we want as the sender of an email.

To the secretary of a specific business, I can send a message requesting very sensitive customer or company information that appears exactly as if it came from her boss, bossname@companyname.com. This seems to me like a very big security issue.

Why does the email system not verify the sender's address?


It seems to me that someone would have thought to validate the sender's address some way or another when designing the infrastructure of email.

Another serious risk that exists through this:

I could send a facebook password reset email to myself, copy the format of the email, and send that same format to a user, disguised as facebook, and store the user's input password. When this confuses the user, and he/she can't log in with the new password, he/she may go and actually reset the password to that password, and now I have the user's facebook password.

3 Answers

2

Digital signatures solve the problem of sender impersonation (at least technically) end-to-end:

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

Signatures can be used in email through S/MIME and PGP / GnuPG certificates. For example, Thunderbird has a popular Enigmail extension interfacing with GnuPG to check and sign messages. Outlook supports S/MIME.

To sign a message, a sender uses a private key that must not be shared. To check a message, a receiver uses the public key of the sender, which can be shared to everyone interested in validating this sender's messages. Such public keys are available through key servers. There are also key signing parties in which people physically meet to assert that they are who they pretend to be and sign each other's digital certificates.

So it's not that no one thought about the problem, actually it was studied in detail, solutions are implemented and have been available for a while, including in free software.

To me the question would be: Why isn't everyone using that already? Why aren't large mail providers like GMail or Outlook.com or Yahoo Mail proposing digital certificates along with email accounts, encouraging and helping their users to sign their messages? Why when joining a new company, an employee generally gets an email address and a password to send/receive messages, but not a pair of digital keys to properly sign his/her messages?

Probably, we're collectively too complacent or lazy to take the necessary steps. Maybe it's like switching from IPv4 to IPv6. We know we should do it, but we're scared of the change and effort and wait for the rest of the world to do it first, and it doesn't happen.
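The end-to-end check this answer describes, as an added example that is not part of the answer: Go's crypto/ed25519 stands in for an S/MIME or PGP signature, an in-memory keyring stands in for the key server, and the addresses are made up. The From header is part of what is signed, so a message that merely claims to come from the boss, or is signed with any key other than the one trusted for that address, fails verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Keyring maps a sender address to the public key the recipient trusts for it.
// A real client would get these from a key server or an S/MIME certificate; this map is a stand-in.
type Keyring map[string]ed25519.PublicKey

// Message is a minimal stand-in for a mail: the fields the signature covers, plus the signature.
type Message struct {
	From, To, Subject, Body string
	Sig                     []byte
}

// signedBytes is the canonical byte string the signature covers. The From header is
// included, so changing the claimed sender invalidates the signature.
func signedBytes(m Message) []byte {
	return []byte("From: " + m.From + "\r\nTo: " + m.To +
		"\r\nSubject: " + m.Subject + "\r\n\r\n" + m.Body)
}

// Sign signs headers and body with the sender's private key, which must never be shared.
func Sign(m Message, priv ed25519.PrivateKey) Message {
	m.Sig = ed25519.Sign(priv, signedBytes(m))
	return m
}

// Verify accepts a message only if its signature checks under the key trusted for the
// claimed From address: an unknown sender, a missing signature or another key all fail.
func Verify(m Message, ring Keyring) bool {
	pub, ok := ring[m.From]
	if !ok || len(m.Sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, signedBytes(m), m.Sig)
}

func main() {
	bossPub, bossPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // a key the boss never held
	ring := Keyring{"boss@companyname.com": bossPub}
	m := Message{From: "boss@companyname.com", To: "secretary@companyname.com", Subject: "Figures", Body: "Please send the quarterly figures."}
	fmt.Println("signed by boss's key:   ", Verify(Sign(m, bossPriv), ring))  // true
	fmt.Println("signed with another key:", Verify(Sign(m, otherPriv), ring)) // false
}
```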

0

The SMTP protocol on which email was based was developed at least 20 years before schemes to perform that kind of verification were available free of encumbrance from patents, export restrictions, and the like.

If you're asking why such a feature wasn't added -- well, there have been many attempts to add such features.

0

Although you can put whatever you want in the from field, the IP address you send the email from cannot be forged, so it can always be traced back to the imposter.

True, people are a bit careless and just assume any email from someone they think they know is from them, regardless of what is asked in that email.

For my part, when I get an email asking for information that the person normally wouldn't ask for, an internal alarm is raised (I get suspicious). I then always check the IP address of the sender and, if I'm unsure, I'll contact the sender asking if they indeed sent that email.

LPChip
  • 66,193